e.weefomal.xyz Open in urlscan Pro
172.67.183.31 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://e.weefomal.xyz/
Submission: On April 08 via api (April 8th 2024, 1:52:58 pm UTC) from US — Scanned from US

Summary HTTP 31 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 31 HTTP transactions. The main IP is 172.67.183.31, located in United States and belongs to CLOUDFLARENET, US. The main domain is e.weefomal.xyz.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.

This is the only time e.weefomal.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	172.67.183.31 172.67.183.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c08::9d	15169 (GOOGLE) (GOOGLE)
1	157.185.170.144 157.185.170.144	54994 (ML-1432-5...) (ML-1432-54994)
3	2607:f8b0:400... 2607:f8b0:4004:c06::8a	15169 (GOOGLE) (GOOGLE)
10	172.253.115.138 172.253.115.138	15169 (GOOGLE) (GOOGLE)
1	142.251.16.156 142.251.16.156	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:401... 2a00:1450:401b:810::2003	15169 (GOOGLE) (GOOGLE)
31	8

13 172.67.183.31 (United States)

ASN13335 (CLOUDFLARENET, US)

e.weefomal.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::9d (Washington, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.185.170.144 (Canada)

ASN54994 (ML-1432-54994, CA)

static.svr-algorix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c06::8a (Washington, United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.253.115.138 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f138.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.16.156 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f156.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:401b:810::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 664	83 KB
13	weefomal.xyz e.weefomal.xyz	1 MB
2	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 212	167 KB
1	gstatic.com csi.gstatic.com	225 B
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 115	24 KB
1	svr-algorix.com static.svr-algorix.com — Cisco Umbrella Rank: 336908	12 KB
31	6

	Domain	Requested by
13	fundingchoicesmessages.google.com	e.weefomal.xyz securepubads.g.doubleclick.net
13	e.weefomal.xyz	e.weefomal.xyz
2	securepubads.g.doubleclick.net	e.weefomal.xyz securepubads.g.doubleclick.net
1	csi.gstatic.com	pagead2.googlesyndication.com
1	pagead2.googlesyndication.com
1	static.svr-algorix.com	e.weefomal.xyz
31	6

This site contains no links.

Subject Issuer	Validity	Valid
weefomal.xyz E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
support2.cdnetworks.net GlobalSign RSA OV SSL CA 2018	`2023-06-21` - `2024-07-01`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://e.weefomal.xyz/
Frame ID: F6F2984E72FF10F275D7B3148231BB29
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

weefomal.xyz games

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

31
Requests

100 %
HTTPS

43 %
IPv6

6
Domains

6
Subdomains

8
IPs

3
Countries

1705 kB
Transfer

2908 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
e.weefomal.xyz/ 20 KB
9 KB 182ms
114ms Document
text/html 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8841efb4e410faaf4976b9eb8c6b047472c82f8a8263226b571f8d19ea82dbac

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: MISS
cf-ray: 8712bd880f6f25a0-MIA
content-encoding: br
content-type: text/html
date: Mon, 08 Apr 2024 13:52:52 GMT
expires: Tue, 09 Apr 2024 13:52:52 GMT
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jtuuw5ke%2B49YD9IflNrD61lbxwJwAoliQTt7XIa5iRURCYyIhpiI%2BNf5pEg3q7Q71iwrQvS%2Bo%2BkydodFG1SdJDOS7r%2Bh2z42bZsf2BaFNxMHhmqP%2FuefKI0UFKeAHNMmHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 91 KB
29 KB 230ms
120ms Script
text/javascript 2607:f8b0:4004:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f19196444775e821bf3eb6d79f560100b4cd77006d06b4a03f7f0ad0abb3a976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29190
x-xss-protection: 0
server: cafe
etag: 171 / 19821 / 31082448 / config-hash: 9819134272039565054
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Apr 2024 13:52:52 GMT

GET
H/1.1 200
OK mwalgorix.js Show response
static.svr-algorix.com/ 11 KB
12 KB 571ms
62ms Script
application/javascript 157.185.170.144
ML-1432-54994

General

Check archive.org

Show headers Download Go to

Full URL: https://static.svr-algorix.com/mwalgorix.js
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 157.185.170.144 , Canada, ASN54994 (ML-1432-54994, CA),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 7bbbef67d0c53dfc94fd39b6e72a263dba9bb7e10f6ab87d7f49799b16a1c86f

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 08 Apr 2024 13:52:53 GMT
x-amz-version-id: nnx98j6vnbeZI5bGDoRyU.uVXQUCn3iz
Via: 1.1 hx171:9 (W), 1.1 PSmgnyNY3vz41:16 (W)
Last-Modified: Wed, 03 Nov 2021 07:24:40 GMT
Server: PWS/8.3.1.0.8
x-amz-request-id: MYAX98KKN2FEWQ9C
Age: 315
ETag: "73b27fb7f3417c010797a323b7973258"
X-Ws-Request-Id: 6613f6b5_PSmgnyNY3aa36_43145-37671
Content-Type: application/javascript
X-Px: ht PSmgnyNY3vz41JFK
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11355
x-amz-id-2: T++ykJjW0npvWmgjz8gDlR7IPwWORMiMJU7BixHw1K5u/aLj7khs4/8jQhlImleX9vuiw8Lcigo=

GET
H2 200 pub-6015682884400545 Show response
fundingchoicesmessages.google.com/i/ 23 KB
10 KB 198ms
88ms Script
application/javascript 2607:f8b0:4004:c06::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/pub-6015682884400545?ers=1

Requested by

Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

318242ac44acc795cdd319233d9487b0577a4660fe25b62868e8b06297892186

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-UzI1CRn_XXzQnmAmVm6HqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-UzI1CRn_XXzQnmAmVm6HqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw15BiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJo6vL5kkgFgNiPnWTWdVAWLN9dNZA4E45vl01hQgdkqfwRoAxD71M1ijgLj15jnWyUB8csF51otAnPTvPGsBEAtxc2x9e34Dm8CM86tTAVWfNZY"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 chunk-common.ef053862.css
e.weefomal.xyz/css/ 37 KB
7 KB 202ms
200ms Stylesheet
text/css 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/css/chunk-common.ef053862.css
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8492b48978e15009a98a852b7b191b43412e72b466c4510592ffc060437fab5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-94cc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7d8Ugm3SJxOtgOAdp6E%2BucOLgHxX7FrUF3IdDAX2jeILHDUuyk1yfz1vHBC9TiT7skxmpsA9pS%2BV%2B6HstsbSWfpikVBFv7xxv89tEVKhbaLeXbVsXeOXKWuh%2Fn3Cy2%2B9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 8712bd88d80225a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:52 GMT

GET
H3 200 chunk-vendors.df919975.css
e.weefomal.xyz/css/ 69 KB
32 KB 276ms
275ms Stylesheet
text/css 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/css/chunk-vendors.df919975.css
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25d8e4695f7fa97f1bfeb3580f3deb14056a2d65dabd7e07e110332390ceeed4

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-11327"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kkQnjD2UfHb%2Bry7BGLTGEO7VCQbQWQ7hWj6iP76ZSjl8ySxI1kWBNuFeJYZKaTLYjrxr411HgZApTxLJCXTLkEceZUyRaY9I0zSpY4ZDAiIjMyoKrOl6iiUFIGnLHyVWGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 8712bd88d80325a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:52 GMT

GET
H3 200 index.6238a67e.css
e.weefomal.xyz/css/ 19 KB
4 KB 121ms
120ms Stylesheet
text/css 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/css/index.6238a67e.css
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dadd4eb8336aad0f3f17d60b1c7c009e91c61d31ac77ed8568a71eb4333f8e9a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-4dae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yZ5typmw4KaxJPLPOdzMdERV02DgvemrAyplNDp24TEpVrXiLXJUYVjcLrTaD%2BmlTaNxzRDac4twLj3ui8TW1xvyAW2flExs5miWAKcT2Ikq9rDpsXDSy9%2Fl%2BdezAAo4CA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 8712bd88d80525a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:52 GMT

GET
H3 200 chunk-common.c6979572.js Show response
e.weefomal.xyz/js/ 293 KB
93 KB 442ms
441ms Script
application/javascript 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/js/chunk-common.c6979572.js
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc666e7a09fe62310118c6945bd6cdc13575e82c740ac45cda7b32bedadb9a3b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-49215"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJSZOtPsnUuCdjIaSN4jJKqTky20zuHsecgu02oxhzfuwZNyi4oXpXMcMf0Is%2BhcLOPDy57h2t1NpdaNy0snIzqnPCzVyaS9Czz%2BJi8lkBxExIK9Czmjcxh9bT3%2FBfd1PA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 8712bd88d80725a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:52 GMT

GET
H3 200 chunk-vendors.facad671.js Show response
e.weefomal.xyz/js/ 484 KB
155 KB 304ms
303ms Script
application/javascript 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/js/chunk-vendors.facad671.js
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 544e1b120961ed0eb032daebd53513f928c55e509125f4aa74e4a3db45b8ef9a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-79149"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ogoj3G2%2FIpnUfDqqfIqG3ZSai2ltxPIJYAX5jGlL3OubMfpY4IYIe30dTzQucPQL5Cf4lKCQoo2AS4tigu9wYDQOwqU%2FrneOvSHvKXGEqWtokhN4c3NnjO6lRTPxlVTT3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 8712bd88d80925a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:52 GMT

GET
H3 200 index.83957a30.js Show response
e.weefomal.xyz/js/ 36 KB
8 KB 386ms
385ms Script
application/javascript 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/js/index.83957a30.js
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c15810743770b6f76c2b4239bf3e815ffce20f5ba8a50db3c32ce66abf78332

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-8e21"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zXzp3CyhSxW47BLEW9rC1ENwfVwcSPfz5FXCFiKoLSOiROoKJ9cdx2tFzyxYK4IiflTdEKUNoqfOHWlA87nclS9jN5ProInrZXNs4p0ELub1pYS5ftB%2BUFdIp8DcOraATQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 8712bd88d80b25a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:52 GMT

GET
H3 200 color.js Show response
e.weefomal.xyz/ 4 KB
2 KB 191ms
191ms Script
application/javascript 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/color.js
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81f6eea2b5ac841e78950fd950adf50065e6a7ec57f1d6d17ef292ac9ca089cd

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-1066"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RTyQKT45GshbOFKnAvMA5I9pV4em7fLXDnlEAjgmgfxbdg%2BT5zlnktgrZPIdhbjx7DD%2FWwvUP671SUg4ww%2BicNTA%2B9dN8RvuJ7ejOudMyZo5n1GtUU20O7QeyQx6GrxU%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 8712bd8c6c8d25a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:53 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202403270101/ 441 KB
138 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202403270101/pubads_impl.js?cb=31082448

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ccf37446ea1ee83a3fce3f04bd63d69bb12d619e8e4c359540df4b94638daf74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141434
x-xss-protection: 0
server: cafe
etag: 5731712271330627757
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 08 Apr 2025 13:52:26 GMT

GET
H2 200 pub-6015682884400545 Show response
fundingchoicesmessages.google.com/b/ 10 KB
5 KB 76ms
76ms Script
application/javascript 2607:f8b0:4004:c06::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/b/pub-6015682884400545

Requested by

Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8da8645d582e14ce3b728f56247b0d0c3a052ab0b692566783efa51a751dd8d2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-G8JFWw-9e1fUk58HR_DobQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-G8JFWw-9e1fUk58HR_DobQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw1pBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJo6vL5kkgFgNiPnWTWdVAWLN9dNZA4E45vl01hQgdkqfwRoAxD71M1ijgLj15jnWyUB8csF51otAnPTvPGsBEAtxc2x9e34Dm8CNWW-yAFSjNeM"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 23 KB
23 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b61fe558de138dc00513ebede4e8b0fd3bd60bd16ff20da95872835f1e359b8

Request headers

Referer
Origin: https://e.weefomal.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2;charset=utf-8

GET
H3 200 games_v2.bin Show response
e.weefomal.xyz/conf/ 70 B
733 B 197ms
196ms XHR
application/octet-stream 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/conf/games_v2.bin
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/js/chunk-vendors.facad671.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3c190025938b937a9d3da03b9179c0312b2dac5483fab1711a48d51d51b1b77

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://e.weefomal.xyz/
token: null
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
x-oss-request-id: 6613F6B59FA2BD31372B0585
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-md5: jgwjxSI6c4wtYtHLJecF/w==
alt-svc: h3=":443"; ma=86400
content-length: 70
x-oss-object-type: Normal
last-modified: Wed, 29 Nov 2023 07:25:25 GMT
server: cloudflare
etag: "8E0C23C5223A738C2D62D1CB25E705FF"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3iNEofkQ1rjPk5RR4nYgAf%2FCOHtKS7jUr9OrO0o18J4jR2CZBUWxKv1VdVuKrF5bpI%2Bx8HDEo41VqMyrKU3mFZrRd4PlbvtYidrKXM3cP0QpKlQ0fRSDPBQMXAP0vvZMcw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=3600
x-oss-storage-class: Standard
accept-ranges: bytes
cf-ray: 8712bd8cdcff25a0-MIA
x-oss-hash-crc64ecma: 15912237831453317298
x-oss-server-time: 1
expires: Mon, 08 Apr 2024 14:52:53 GMT

GET
H3 404 e.weefomal.xyz.bin Show response
e.weefomal.xyz/conf/ 400 B
752 B 197ms
196ms XHR
application/xml 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/conf/e.weefomal.xyz.bin
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/js/chunk-vendors.facad671.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce72692a8ea0dcc8e7e85fc9844da93832c92c5422590f2c4f15523873d2779c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://e.weefomal.xyz/
token: null
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-encoding: br
x-oss-request-id: 6613F6B57A7BC83032C722C7
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5W8F1a89L28jhwUEQY%2Fh9sPrvKUA2q%2FVUQuWLdkmGCCFTTE8mOqkhfcIg3HT%2F7WFS9amhI%2BuGXdIYuIunqWSRmT%2FO5Y0XmcVkbxmjh80CbFqEVT%2B8Lxz7H7Ksgc5S1iK4w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-oss-ec: 0026-00000001
content-type: application/xml
cf-ray: 8712bd8cdd0225a0-MIA
alt-svc: h3=":443"; ma=86400
x-oss-server-time: 1

GET
H3 404 ads.e.weefomal.xyz.bin Show response
e.weefomal.xyz/conf/ 404 B
749 B 123ms
122ms XHR
application/xml 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/conf/ads.e.weefomal.xyz.bin
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/js/chunk-vendors.facad671.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83e816fe700569fa4b32c30f41d6cd2f384ec67303635a0f582fefe409dadfa4

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://e.weefomal.xyz/
token: null
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-encoding: br
x-oss-request-id: 6613F6B5F31E4F363985E17B
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VWBBRpW%2FbbFgJGJheKXpe4x7xYEUtEXnyx44PwtzMcH231gHLDLP%2BJmvfbjIJyujMAdsKel99Qxp2KYCtnvKULtVOpYSiyNcydnOUD3feMbCb9Ic6LUZjWCmjfyQWwdZ6g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-oss-ec: 0026-00000001
content-type: application/xml
cf-ray: 8712bd8cdd0325a0-MIA
alt-svc: h3=":443"; ma=86400
x-oss-server-time: 2

GET
H3 200 bg1_pc.72465399.png
e.weefomal.xyz/img/ 1 MB
1 MB 310ms
310ms Image
image/png 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.weefomal.xyz/img/bg1_pc.72465399.png
Requested by: Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cb685e53f5269b4e3c721763c67f9c1ba0159d2b7b56716892253f338ab6fc1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "66016710-10e3ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHdMsvuY%2B3WHuj4WEvMBP2ybsZr%2B2rmu8bBNociENAZpaoOSDaY8V9GB%2F6joKgX3gDo6pogrslZyOdKxMibXoeJpMn0aUBknBfxQUquUQu7n7mLRy4CecdHQEWDtRXv%2Bhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 8712bd8ced0725a0-MIA
alt-svc: h3=":443"; ma=86400
content-length: 1106943
expires: Tue, 09 Apr 2024 13:52:53 GMT

GET
H3 204 AGSKWxXEjS0I2u6GTqh7ZZg2QpOrS5lRWk2301eZf_Dii5LkLaFSOqVQ9uhNiTUi4GF_YMotVw8Iup-fHfG_HFnGTyxEzg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 173ms
71ms XHR
text/html 172.253.115.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXEjS0I2u6GTqh7ZZg2QpOrS5lRWk2301eZf_Dii5LkLaFSOqVQ9uhNiTUi4GF_YMotVw8Iup-fHfG_HFnGTyxEzg==

Requested by

Host: e.weefomal.xyz
URL: https://e.weefomal.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6d8px3Aq2ljNmHtTY_VjhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6d8px3Aq2ljNmHtTY_VjhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0pBiqGV4xtQKxE7pM1hDgFiIh2Pr2_Mb2AQ6ri08xwgAyPAMmA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://e.weefomal.xyz
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 23026508119 Show response
fundingchoicesmessages.google.com/i/ 180 KB
59 KB 92ms
90ms Script
application/javascript 2607:f8b0:4004:c06::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/23026508119?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202403270101/pubads_impl.js?cb=31082448

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2172a63930e14a8591cbc039e392b9e01bd2a82b5a74a1d6b238d6e8e2cf6303

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LIJSL6XZFMfzrPib1TPzmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-security-policy: script-src 'report-sample' 'nonce-LIJSL6XZFMfzrPib1TPzmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmII1JBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJo6vL5kkgFgNiPnWTWdVAWLN9dNZA4E45vl01hQgdkqfwRoAxD71M1ijgLj15jnWyUB8csF51otAnPTvPGsBEAvxcGx9e34Dm8CGZ0dPMAIAke82Tg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWvWvTrCSo6XHkrZ-VGQsxAFBWwykGTtbxbzxDbiCcPre0wK0jtT1aGmdTFD3iY-yWcPRb1noQCAhRmlJRtXrw5IxIWR9pL1XMjilbISVXhDb7g1MXNYAFyDDOZ7El_MYf8l88CjQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
1 KB 78ms
78ms Script
application/javascript 172.253.115.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWvWvTrCSo6XHkrZ-VGQsxAFBWwykGTtbxbzxDbiCcPre0wK0jtT1aGmdTFD3iY-yWcPRb1noQCAhRmlJRtXrw5IxIWR9pL1XMjilbISVXhDb7g1MXNYAFyDDOZ7El_MYf8l88CjQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEyNTg0MzczLDU1ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9lLndlZWZvbWFsLnh5ei8iLG51bGwsW1s4LCJzR2J1OUFHU2dZZyJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.sGbu9AGSgYg.es5.O/am=wA/d=1/rs=AJlcJMz_w28gmMhOLqu37j7B7vieKY5s0w/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

ea7a91ff9d119990bce52cc563714900ea20938e5506245951dd2647045cedf7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3OPcj20uF_bbd3pvb-X97g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-security-policy: script-src 'report-sample' 'nonce-3OPcj20uF_bbd3pvb-X97g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmLw05BiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJo6vL5kkgFgNiPnWTWdVAWLN9dNZA4E45vl01hQgdkqfwRoAxD71M1ijgLj15jnWyUB8csF51otAnPTvPGsBEAvxcGx9e34Dm0DHxhsLmQCO0TXb"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxU-A_Q5y0i92SwzGC9OVQ8v_15weboWujPkdqESLmpdyjxoWMs7RuIAM6G6DPvCSMq5hWGn8-_3P9VCQAOL7okUdOBBNTexYPYwl4JKkYlfD6gppBE167Xc0SRtFMftItb9qFE6Gg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 84ms
84ms Script
application/javascript 172.253.115.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU-A_Q5y0i92SwzGC9OVQ8v_15weboWujPkdqESLmpdyjxoWMs7RuIAM6G6DPvCSMq5hWGn8-_3P9VCQAOL7okUdOBBNTexYPYwl4JKkYlfD6gppBE167Xc0SRtFMftItb9qFE6Gg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEyNTg0MzczLDY0MzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vZS53ZWVmb21hbC54eXovIixudWxsLFtbOCwic0didTlBR1NnWWciXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

e34ca2dbdd956b9b64dea86b99374f863317725d6d9cbecd2a94e333db67dcfc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-I6Xa2lDoJPmxVUpJaqhnEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-security-policy: script-src 'report-sample' 'nonce-I6Xa2lDoJPmxVUpJaqhnEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmJw1pBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJo6vL5kkgFgNiPnWTWdVAWLN9dNZA4E45vl01hQgdkqfwRoAxD71M1ijgLj15jnWyUB8csF51otAnPTvPGsBEAvxcGx9e34Dm8CKVXtPMQEAihg19w"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 favicon.ico
e.weefomal.xyz/ 4 KB
3 KB 123ms
122ms Other
image/x-icon 172.67.183.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.weefomal.xyz/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01e249bb640b4165ad2d5cc967651bd8f2a8de47669d562bb35132a284989367

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:53 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Mar 2024 11:59:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66016710-113e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2FHc7OzxfdDbCBnT2XoWzpootz6hXh2fyQYzVKHHlqZOUPOLAU7LzBASKjng1CQ%2Bs1b0eavR%2BRId%2BXGf5Jxlfn2OwGYmMRcLM%2FE1M5co1yCB96Ju49x%2FPGRnmbRbabaK1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=86400
cf-ray: 8712bd90b9a025a0-MIA
alt-svc: h3=":443"; ma=86400
expires: Tue, 09 Apr 2024 13:52:53 GMT

GET
H3 200 sponsored-content-_iad.html Show response
fundingchoicesmessages.google.com/f/AGSKWxWGK-BMJBk5kGDx57o0A343sswta1i565kIwiqIjco9VoZRKc-vwQfRUCbmzlg6NA80uyzEt6Hw25MecItFnIAI6CAOhLO_w8SqhN52o28uMLyNDVSAF1raFj4MM6ZAUpPhxk57VEWODmUOMxqyfh12KM47g... 54 B
110 B 72ms
70ms Script
application/javascript 172.253.115.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWGK-BMJBk5kGDx57o0A343sswta1i565kIwiqIjco9VoZRKc-vwQfRUCbmzlg6NA80uyzEt6Hw25MecItFnIAI6CAOhLO_w8SqhN52o28uMLyNDVSAF1raFj4MM6ZAUpPhxk57VEWODmUOMxqyfh12KM47gC5eqsp7JvrYBx4zASr3FtTIMb0lr1vD/_/centralresource/ad_/sponsored-content-_iad.html?_id/ads//adjs_

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.sGbu9AGSgYg.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwA5cs1QTtFRmG_GKR0UrFZHYFwzw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

00b1fdcaf6dcc8a5cef4b650c003b35cdf186bcb8e7f4196f5efce93c08e06c4

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-hPHMYnLRl4PIcdy263bBeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:54 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-hPHMYnLRl4PIcdy263bBeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmJw1JBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJo6vL5kkgFgNiPnWTWdVAWLN9dNZA4E45vl01hQgdkqfwRoAxD71M1ijgLj15jnWyUB8csF51otAnPTvPGsBEAvxcGx7e34Dm8CPnrmbGQGJuDXw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 65 KB
24 KB 160ms
51ms Script
text/javascript 142.251.16.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.156 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f156.1e100.net

Software

cafe /

Resource Hash

c232eff03aa95331135d5903b60f2363f3e90b00db5c171cbfff6c7a355c14b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24544
x-xss-protection: 0
server: cafe
etag: 723227840650810741
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 08 Apr 2024 14:51:44 GMT

POST
H3 204 AGSKWxVUChpcOqZahc913QEenVl3ZJzvXX1MNveNVscIy4izMTRxEbOlsIbgF7yp9R8qss6La8n7yt8rOfDEWlKg37zYJepvazK_5snLqNX7T2j5b_wL6X5xaKasKqys96mVu8hiOFZb4Q== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 71ms
71ms XHR
text/html 172.253.115.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVUChpcOqZahc913QEenVl3ZJzvXX1MNveNVscIy4izMTRxEbOlsIbgF7yp9R8qss6La8n7yt8rOfDEWlKg37zYJepvazK_5snLqNX7T2j5b_wL6X5xaKasKqys96mVu8hiOFZb4Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-rN5-hE-rgcJrBEI9Ft10Bg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Apr 2024 13:52:54 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-rN5-hE-rgcJrBEI9Ft10Bg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0ZBiqGV4xtQKxE7pM1hDgFiIh2Pb2_Mb2AQOfJ25hREAyXcMyA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://e.weefomal.xyz
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVUChpcOqZahc913QEenVl3ZJzvXX1MNveNVscIy4izMTRxEbOlsIbgF7yp9R8qss6La8n7yt8rOfDEWlKg37zYJepvazK_5snLqNX7T2j5b_wL6X5xaKasKqys96mVu8hiOFZb4Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6QczXU1VAfomzPPWoc31eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Apr 2024 13:52:54 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6QczXU1VAfomzPPWoc31eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0ZBiqGV4xtQKxE7pM1hDgFiIh2Pb2_Mb2AQWrJ1yjREAx-wMfQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://e.weefomal.xyz
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVUChpcOqZahc913QEenVl3ZJzvXX1MNveNVscIy4izMTRxEbOlsIbgF7yp9R8qss6La8n7yt8rOfDEWlKg37zYJepvazK_5snLqNX7T2j5b_wL6X5xaKasKqys96mVu8hiOFZb4Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-G6j0L6MH60dWL-T2EfhB9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Apr 2024 13:52:54 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-G6j0L6MH60dWL-T2EfhB9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0pBiqGV4xtQKxE7pM1hDgFiIh2Pb2_Mb2AQm9HX2MAEAxzgMAA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://e.weefomal.xyz
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVUChpcOqZahc913QEenVl3ZJzvXX1MNveNVscIy4izMTRxEbOlsIbgF7yp9R8qss6La8n7yt8rOfDEWlKg37zYJepvazK_5snLqNX7T2j5b_wL6X5xaKasKqys96mVu8hiOFZb4Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cz9m-IOs094Rb3aMogMkWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Apr 2024 13:52:54 GMT
content-security-policy: script-src 'report-sample' 'nonce-cz9m-IOs094Rb3aMogMkWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0ZBiqGV4xtQKxE7pM1hDgFiIh2Pb2_Mb2AQmrLrWzQQAyNEMag"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://e.weefomal.xyz
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWxG225o9qCM_SWm3wgAVjhZob6GcZGaw__9xBzW1Ixf0RJeMov2sNIVWV1LoAZrTS2QkJ5OAxi2sCVrRwCXNxpq6Dokc86jhLGeSl6k8uSmQtxX86v2n-AoHTflBDJml9LdcidgA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 90ms
90ms Script
application/javascript 172.253.115.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWxG225o9qCM_SWm3wgAVjhZob6GcZGaw__9xBzW1Ixf0RJeMov2sNIVWV1LoAZrTS2QkJ5OAxi2sCVrRwCXNxpq6Dokc86jhLGeSl6k8uSmQtxX86v2n-AoHTflBDJml9LdcidgA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEyNTg0Mzc0LDUyNDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9lLndlZWZvbWFsLnh5ei8iLG51bGwsW1s4LCJzR2J1OUFHU2dZZyJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

cfbfbea78079ae05fcd0a51fa439d5517957cd936d3b96157d0e8c205864b21e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jquzIor0bSojkJlORezEKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 13:52:54 GMT
content-security-policy: script-src 'report-sample' 'nonce-jquzIor0bSojkJlORezEKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjqtHikmLw1ZBiWMy_i-nkrdtMF4H4vNMdputAXMvwjKkViA00njNZAPG7Ly-ZOL6-ZJIAYjUg5ls3nVUFiDXXT2cNBOKY59NZU4DYKX0GawAQ-9TPYI0C4tab51gnA_HJBedZLwJx0r_zrAVALMTDse3t-Q1sAitOrpvCBADIkjxe"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ 0
225 B 716ms
375ms Ping
image/gif 2a00:1450:401b:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lur0iol4&ctx=0&met.9=1.dj~2.q8
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:401b:810::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 08 Apr 2024 13:52:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxUGsbQM_SGXnvGri2zZ82sG724ke0WshVwRtULe1OCEbLNp9SGFb2h6BGrKKW7miRJ5Aa93F_OjlsIZlK2EcnMkt_TYLcypnpokBmNZ_SNZeGviuExcU9ySMlPjLGZ8uRzzZCITBA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 69ms
68ms XHR
text/html 172.253.115.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUGsbQM_SGXnvGri2zZ82sG724ke0WshVwRtULe1OCEbLNp9SGFb2h6BGrKKW7miRJ5Aa93F_OjlsIZlK2EcnMkt_TYLcypnpokBmNZ_SNZeGviuExcU9ySMlPjLGZ8uRzzZCITBA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hiC1tjGJST8iF_XaZfE3Jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://e.weefomal.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Apr 2024 13:52:54 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hiC1tjGJST8iF_XaZfE3Jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw1ZBiqGV4xtQKxE7pM1hDgFiIh2Pb2_Mb2ARe7Ly2kwkAy0MNAA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://e.weefomal.xyz
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.weefomal.xyz/	1970-01-21 04:28:40	Name: FCNEC Value: %5B%5B%22AKsRol9mZsHtuZhUW3TQQPDT2cvUuxAsDIHzdVxtYe6hEZVVLutjGPvmoIu4TsEgHTsxBEl8yOGRpfIyukigxx94A2IjQIGLCDfAWp6Jx_alb82pFRbLHuUy0_8QoRDVqjF88kmoH21XhP4fXZSB5df5-B4Ts7p3Cg%3D%3D%22%5D%5D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://e.weefomal.xyz/conf/ads.e.weefomal.xyz.bin Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://e.weefomal.xyz/conf/e.weefomal.xyz.bin Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

csi.gstatic.com
e.weefomal.xyz
fundingchoicesmessages.google.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
static.svr-algorix.com
142.251.16.156
157.185.170.144
172.253.115.138
172.67.183.31
2607:f8b0:4004:c06::8a
2607:f8b0:4004:c08::9d
2a00:1450:401b:810::2003
00b1fdcaf6dcc8a5cef4b650c003b35cdf186bcb8e7f4196f5efce93c08e06c4
01e249bb640b4165ad2d5cc967651bd8f2a8de47669d562bb35132a284989367
2172a63930e14a8591cbc039e392b9e01bd2a82b5a74a1d6b238d6e8e2cf6303
25d8e4695f7fa97f1bfeb3580f3deb14056a2d65dabd7e07e110332390ceeed4
2b61fe558de138dc00513ebede4e8b0fd3bd60bd16ff20da95872835f1e359b8
318242ac44acc795cdd319233d9487b0577a4660fe25b62868e8b06297892186
544e1b120961ed0eb032daebd53513f928c55e509125f4aa74e4a3db45b8ef9a
7bbbef67d0c53dfc94fd39b6e72a263dba9bb7e10f6ab87d7f49799b16a1c86f
7cb685e53f5269b4e3c721763c67f9c1ba0159d2b7b56716892253f338ab6fc1
81f6eea2b5ac841e78950fd950adf50065e6a7ec57f1d6d17ef292ac9ca089cd
83e816fe700569fa4b32c30f41d6cd2f384ec67303635a0f582fefe409dadfa4
8841efb4e410faaf4976b9eb8c6b047472c82f8a8263226b571f8d19ea82dbac
8da8645d582e14ce3b728f56247b0d0c3a052ab0b692566783efa51a751dd8d2
9c15810743770b6f76c2b4239bf3e815ffce20f5ba8a50db3c32ce66abf78332
a3c190025938b937a9d3da03b9179c0312b2dac5483fab1711a48d51d51b1b77
bc666e7a09fe62310118c6945bd6cdc13575e82c740ac45cda7b32bedadb9a3b
c232eff03aa95331135d5903b60f2363f3e90b00db5c171cbfff6c7a355c14b9
ccf37446ea1ee83a3fce3f04bd63d69bb12d619e8e4c359540df4b94638daf74
ce72692a8ea0dcc8e7e85fc9844da93832c92c5422590f2c4f15523873d2779c
cfbfbea78079ae05fcd0a51fa439d5517957cd936d3b96157d0e8c205864b21e
dadd4eb8336aad0f3f17d60b1c7c009e91c61d31ac77ed8568a71eb4333f8e9a
e34ca2dbdd956b9b64dea86b99374f863317725d6d9cbecd2a94e333db67dcfc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8492b48978e15009a98a852b7b191b43412e72b466c4510592ffc060437fab5
ea7a91ff9d119990bce52cc563714900ea20938e5506245951dd2647045cedf7
f19196444775e821bf3eb6d79f560100b4cd77006d06b4a03f7f0ad0abb3a976

e.weefomal.xyz Open in urlscan Pro 172.67.183.31 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

31 Requests

100 %HTTPS

43 %IPv6

6 Domains

6 Subdomains

8 IPs

3 Countries

1705 kBTransfer

2908 kBSize

1 Cookies

0 Outgoing links

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

e.weefomal.xyz Open in urlscan Pro
172.67.183.31 Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

100 %
HTTPS

43 %
IPv6

6
Domains

6
Subdomains

8
IPs

3
Countries

1705 kB
Transfer

2908 kB
Size

1
Cookies

31 HTTP transactions
1 data transactions