URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Submission: On December 26 via manual from GB — Scanned from NZ

Summary

This website contacted 23 IPs in 5 countries across 21 domains to perform 68 HTTP transactions. The main IP is 172.67.196.105, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is bareeqal5alij.hewaaya.com. The Cisco Umbrella rank of the primary domain is 478573.
TLS certificate: Issued by E1 on November 18th 2022. Valid for: 3 months.
This is the only time bareeqal5alij.hewaaya.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 172.67.196.105 13335 (CLOUDFLAR...)
2 172.217.194.95 15169 (GOOGLE)
2 172.253.118.94 15169 (GOOGLE)
10 74.125.24.154 15169 (GOOGLE)
1 46.105.201.240 16276 (OVH)
4 142.250.4.157 15169 (GOOGLE)
1 74.125.68.154 15169 (GOOGLE)
3 142.251.12.155 15169 (GOOGLE)
2 142.250.4.154 15169 (GOOGLE)
1 149.56.240.128 16276 (OVH)
9 74.125.24.132 15169 (GOOGLE)
3 141.101.120.11 13335 (CLOUDFLAR...)
1 74.125.68.147 15169 (GOOGLE)
1 142.250.4.94 15169 (GOOGLE)
1 54.192.116.60 16509 (AMAZON-02)
1 104.26.12.60 13335 (CLOUDFLAR...)
1 104.21.47.181 13335 (CLOUDFLAR...)
1 2 52.74.184.141 16509 (AMAZON-02)
1 1 141.94.171.214 16276 (OVH)
1 104.22.25.87 13335 (CLOUDFLAR...)
1 54.192.116.56 16509 (AMAZON-02)
1 54.192.116.115 16509 (AMAZON-02)
1 2 209.191.163.210 ()
68 23
Apex Domain
Subdomains
Transfer
19 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 135
tpc.googlesyndication.com — Cisco Umbrella Rank: 185
395 KB
15 hewaaya.com
bareeqal5alij.hewaaya.com — Cisco Umbrella Rank: 478573
121 KB
4 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 64
44 KB
3 s-onetag.com
get.s-onetag.com — Cisco Umbrella Rank: 4572
onetag-geo.s-onetag.com — Cisco Umbrella Rank: 5551
data-beacons.s-onetag.com — Cisco Umbrella Rank: 12076
13 KB
3 dtscout.com
e.dtscout.com — Cisco Umbrella Rank: 13244
t.dtscout.com — Cisco Umbrella Rank: 10613
5 KB
3 google.com
adservice.google.com — Cisco Umbrella Rank: 129
www.google.com — Cisco Umbrella Rank: 15
2 KB
3 gstatic.com
fonts.gstatic.com
www.gstatic.com
58 KB
2 lijit.com
ap.lijit.com
996 B
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1179
833 B
2 google.co.nz
adservice.google.co.nz — Cisco Umbrella Rank: 64313
957 B
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 13457
s4.histats.com — Cisco Umbrella Rank: 10776
5 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 111
2 KB
1 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 4088
1 onaudience.com
pixel.onaudience.com — Cisco Umbrella Rank: 4248
400 B
1 dtssrv.com
a.dtssrv.com — Cisco Umbrella Rank: 19369
580 B
1 dtscdn.com
t.dtscdn.com — Cisco Umbrella Rank: 11837
586 B
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 225
47 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 1055
698 B
0 simpli.fi Failed
um.simpli.fi Failed
0 adsymptotic.com Failed
p.adsymptotic.com Failed
0 liadm.com Failed
i.liadm.com Failed
68 21
Domain Requested by
15 bareeqal5alij.hewaaya.com bareeqal5alij.hewaaya.com
10 pagead2.googlesyndication.com bareeqal5alij.hewaaya.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
www.googletagservices.com
9 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
4 googleads.g.doubleclick.net pagead2.googlesyndication.com
bareeqal5alij.hewaaya.com
2 ap.lijit.com 1 redirects
2 bcp.crwdcntrl.net 1 redirects
2 t.dtscout.com e.dtscout.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.co.nz pagead2.googlesyndication.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com bareeqal5alij.hewaaya.com
googleads.g.doubleclick.net
1 data-beacons.s-onetag.com get.s-onetag.com
1 onetag-geo.s-onetag.com get.s-onetag.com
1 spl.zeotap.com
1 pixel.onaudience.com 1 redirects
1 a.dtssrv.com e.dtscout.com
1 t.dtscdn.com e.dtscout.com
1 get.s-onetag.com e.dtscout.com
get.s-onetag.com
1 www.gstatic.com googleads.g.doubleclick.net
1 www.googletagservices.com googleads.g.doubleclick.net
1 www.google.com tpc.googlesyndication.com
1 e.dtscout.com s4.histats.com
1 s4.histats.com s10.histats.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 s10.histats.com bareeqal5alij.hewaaya.com
0 um.simpli.fi Failed
0 p.adsymptotic.com Failed
0 i.liadm.com Failed
68 28

This site contains links to these domains.

Domain
www.q2amarket.com
www.question2answer.org

Subject | Issuer | Validity | Valid
*.hewaaya.com | E1 | 2022-11-18 - 2023-02-16 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
histats.com | R3 | 2022-12-21 - 2023-03-21 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.google.co.nz | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.dtscout.com | GTS CA 1P5 | 2022-11-30 - 2023-02-28 | 3 months
www.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.s-onetag.com | Amazon | 2022-12-04 - 2024-01-02 | a year
*.dtscdn.com | GTS CA 1P5 | 2022-11-21 - 2023-02-19 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-07-01 - 2023-07-01 | a year

This page contains 10 frames:

Primary Page: https://bareeqal5alij.hewaaya.com/user/damagedance0
Frame ID: 3A0B404168054473D37CB02BB738860D
Requests: 40 HTTP requests in this frame

Frame: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672027200
Frame ID: 4D9445EFED039ABCC56AD9F5164FB3D4
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
Frame ID: A27D060EE3EDE1D7FA19E2BB8A44BB9A
Requests: 1 HTTP request in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8343227950611411&output=html&adk=1812271804&adf=3025194257&lmt=1672029862&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1672029861186&bpp=4&bdt=2230&idt=1148&shv=r20221207&mjsv=m202212060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6314637424856&frm=20&pv=2&ga_vid=14122677.1672029862&ga_sid=1672029862&ga_hid=1999981129&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44777876%2C31071250%2C31071259%2C44779793%2C44780792&oid=2&pvsid=2812858576855356&tmod=975341857&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1166
Frame ID: 81E396F9213C9F3B6B98BDAE13B76D99
Requests: 1 HTTP request in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 7C6FA9890780AFA8EA5CBF98E506C4AB
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9BA85B8D74146BA682899B069C3BF511
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0C842B945B8DFFD8AD8F8FF46C8E1884
Requests: 2 HTTP requests in this frame

Frame: https://t.dtscout.com/idg/?su=104016720298646139B534A2D13327D4
Frame ID: 1D1A3C772C1AD0A1AEDDE966E5F76A55
Requests: 1 HTTP request in this frame

Frame: https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
Frame ID: 47E80E20B21E8214C41838E95BCC5AAF
Requests: 1 HTTP request in this frame

Frame: https://get.s-onetag.com/underground-sync-portal/Portal.html
Frame ID: D38D9FDC5E31220E2BB38359AFEC6547
Requests: 1 HTTP request in this frame

Page Title

بريق الخليج

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • 68 Requests
  • 88 % HTTPS
  • 0 % IPv6
  • 21 Domains
  • 28 Subdomains
  • 23 IPs
  • 5 Countries
  • 695 kB Transfer
  • 1748 kB Size
  • 23 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55
  • https://bcp.crwdcntrl.net/5/c=3825/tp=DTSC/tpid=104016720298646139B534A2D13327D4 HTTP 302
  • https://bcp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/tpid=104016720298646139B534A2D13327D4
Request Chain 56
  • https://pixel.onaudience.com/?partner=137085098&mapped=104016720298646139B534A2D13327D4 HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=7a116eb03dcb9f56
Request Chain 62
  • https://ap.lijit.com/readerinfo/v2 HTTP 307
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true

68 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request damagedance0
bareeqal5alij.hewaaya.com/user/
9 KB
4 KB
Document
General
Full URL
https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f227a433c6ecb6ed0dac80862dc50a1c8bdc23bc1d7860b1bad782c4b6ff443

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
77f729134b65a8ac-SYD
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 26 Dec 2022 04:44:18 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JOroVz%2BfGNjlUkIPLx%2F8xZ2WJc9MKVJuMUoLcd7Tkc17tWMsh1eSlQ27cFIPHGbcTBmEmEOEXYSTGP%2BXyLuQFkwKRGtSwdoxWN6NOBKrPFHZQoX37S5Lg0ExWB5ClkjdENIdlNbxrrwIEJL1"}],"group":"cf-nel","max_age":604800}
server
cloudflare
qa-styles.css
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/
57 KB
11 KB
Stylesheet
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37dc34da0809c1150251a605939830aa9a0bc74d66e8afb335b040f4eb6e7dc2

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/damagedance0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:19 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
87078
cf-polished
origSize=72433
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
server
cloudflare
etag
W/"5c3a68b2-11af1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jx439STy6vKVKKReraLs4tloTR%2B%2BcZ%2BlNWMOmHLqAFhS%2B4QPis4rlFFWezxnyXru4L04CjGODiEp3ePlwFDKlYypqBHAym%2FlY5jnOV7%2FP2CgHc5CMv9sNUiP5ma%2FcAFrUh7a8LwDtX2OTRqq"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2678400
cf-ray
77f7291af8d7a8ac-SYD
expires
Tue, 24 Jan 2023 04:33:01 GMT
qa-styles-rtl.css
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/
6 KB
2 KB
Stylesheet
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles-rtl.css?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a0a840d54ebc1a4525af39787c3aa67bdd8a9c75813d0fded90652401dcade5

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/damagedance0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:19 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
87078
cf-polished
origSize=7514
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
server
cloudflare
etag
W/"5c3a68b2-1d5a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HdaWEG3vCvQ4T2Q1PH%2BMN0mizit5XkL%2Fe2nbkrZKYeNsRSAKjAiSlKaKEojFSoFp%2BHdaWUta5Ehz7M8dUgYCCRXEuzuIIP%2FFA8uGJ1prRguWz9ceGXujN0aaM34DBTHzb8%2Bv4imAmIKg2Usw"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2678400
cf-ray
77f7291af8d8a8ac-SYD
expires
Tue, 24 Jan 2023 04:33:01 GMT
css2
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f95.1e100.net
Software
ESF /
Resource Hash
1604d7fd902f76d2b32dfc2bbdd7a6c6fa0184d5b937af08b546f82701ebb287
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 26 Dec 2022 04:44:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 26 Dec 2022 04:44:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 26 Dec 2022 04:44:19 GMT
rocket-loader.min.js
bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/damagedance0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Dec 2022 16:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63a1e484-302c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m1gyIqCXdRdDe3rGm3cAOQiOlBOF7K7dc0XOtioCl%2Bb7YMzgop2kl9zNuFhZQ%2B%2FmMHvAzzwa216qtbDShflNOpieQoOQqLtFaCkNJCX1bHDZy1lrGWs1rz6pLEBEyralRKGO0gGeWZdlld35"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
77f7291bec2fa980-SYD
expires
Wed, 28 Dec 2022 04:44:19 GMT
spinner-icon-14x14.gif
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/images/
8 KB
8 KB
Image
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:20 GMT
cf-cache-status
MISS
last-modified
Sat, 12 Jan 2019 22:15:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"5c3a66f4-1e65"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jMzYDejuFjoTPFSJbonL%2FBaxFw9k9QwXvctKXSWsf1w4AGAhSrutIb0CUElpBjyj69t3JwTVwXgmYLsEA%2B2sFqnC%2BgcHCmCTsNbTPCy%2BCQl02%2BKM1KDrXvNwW5i6aIAfbccRsgUcQaGIvYKS"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
77f729203993a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7781
expires
Wed, 25 Jan 2023 04:44:20 GMT
fontello.woff
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/fonts/
7 KB
8 KB
Font
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/fonts/fontello.woff?70015067
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d

Request headers

Referer
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:20 GMT
cf-cache-status
MISS
last-modified
Mon, 25 Jul 2016 22:01:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"57968c56-1c20"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FAMonV4Sb5sSsLBEVjHSStdSd0b7kebnyaprqQWSMNvGXBQDk3uvDdKIBWd4OQiJkDo3VEtGJA7fqZRPsQUoV3we7KvhmSnSDgj8noimTeoXGmM%2BzYlt%2BTSwL0DeKghZ8Z6xVnY4mg74ET28"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
77f729203995a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7200
K2F0fZBRmr9vQ1pHEey6MoiAAhLz.woff2
fonts.gstatic.com/s/elmessiri/v18/
20 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/elmessiri/v18/K2F0fZBRmr9vQ1pHEey6MoiAAhLz.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f94.1e100.net
Software
sffe /
Resource Hash
d21ea66884a90a9148d3f6e109a6bb1e2bcad851e2a06b46350eb1edefa5a546
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Dec 2022 08:04:49 GMT
x-content-type-options
nosniff
age
506371
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20108
x-xss-protection
0
last-modified
Wed, 07 Dec 2022 18:08:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Dec 2023 08:04:49 GMT
K2F0fZBRmr9vQ1pHEey6Mo2AAg.woff2
fonts.gstatic.com/s/elmessiri/v18/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/elmessiri/v18/K2F0fZBRmr9vQ1pHEey6Mo2AAg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f94.1e100.net
Software
sffe /
Resource Hash
feafd9234c68a7f1d92fee6ec91b0f37668660b83611bf3e91fa73621f56d58c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 21 Dec 2022 03:25:21 GMT
x-content-type-options
nosniff
age
436739
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23296
x-xss-protection
0
last-modified
Wed, 07 Dec 2022 17:51:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 21 Dec 2023 03:25:21 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
144 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
5e1187bc825d8203f777873a60b36930af308b754dc9f764ad910f6828ddb745
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:20 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49447
x-xss-protection
0
server
cafe
etag
1370789979976643276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 26 Dec 2022 04:44:20 GMT
snow-core.js
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/js/
2 KB
1 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/js/snow-core.js?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/damagedance0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:20 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5c3a68b2-94f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMK%2B2FzxQRaW6SO9v8BYnu9nCKmRtjYm%2Fvos27m1wS2ApcYgLsZ5GO7vdSr7fmts0TPslq5EG21YYqGm6%2Br%2Fv30SonfdpqniPngc3hkMBCKmc71NXmgENPQ2jcbmOjAbAYGAmb8Ew8g%2BBKpV"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
cf-ray
77f7292059bca980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 25 Jan 2023 04:44:20 GMT
qa-global.js
bareeqal5alij.hewaaya.com/qa-content/
20 KB
6 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-content/qa-global.js?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/damagedance0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:21 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5c3a68b2-5046"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mvi8QmOK9n2g1fjdoCSfeHyEfylri4MLZHIegUnnuemwPYSYKr5d%2ButfF%2BPlrKckDT2hk7Q%2BYpnk4ChmjmLbnNuaIZ39JUBnLGPyg7g2Hdz4TuwXjyoTgr51Jb1QJu8alit%2F4tvf8sMc70IX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
cf-ray
77f7292059c0a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 25 Jan 2023 04:44:20 GMT
jquery-3.3.1.min.js
bareeqal5alij.hewaaya.com/qa-content/
85 KB
31 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-content/jquery-3.3.1.min.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/damagedance0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:21 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 07 Sep 2021 18:26:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6137aec4-1538f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oALukFF3qdfltVE5LWbcmgJ4IystCbBJjcW79PQHkT4J9R%2BopN3qQbG7QDe70Qj9Y%2FYp5KAqW6zMbOlvlZwzSfx30neQnnCsO8V6czmKnkQkQqgZSPTsLRp%2B2Blt48DyZcB8bL9UoHSw%2BPhi"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
cf-ray
77f7292059c5a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 25 Jan 2023 04:44:20 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
145 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
2df89f5da047a56474dcb3b3064528283a8688ca50b43bddf812864f9038b9cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:20 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49644
x-xss-protection
0
server
cafe
etag
8842774967163075737
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 26 Dec 2022 04:44:20 GMT
invisible.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 4D94
34 KB
15 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672027200
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1256a4bfc87487adc3f9b254a94cb09480072cff6db7c0afbcc6c3046ea7bd93

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:21 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puhLVEbRhCeEThzu4I4pPg9jMBYE5HCrKRX80bwnAT9I0V3LS0T%2FeRw5Lr3Lgmxl%2BDQO2dlsuMcgw0jN4ZFMrDoD0Vt562A0i81C0dMdMlkyqQwWTyAfZWgK8O4Gsjo%2FNnae%2BYW%2FY7F9nY6B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
77f72928ccdfa980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
js15_as.js
s10.histats.com/
11 KB
5 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:41:25 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cacheable
Matched cache
x-cdn-pop-ip
51.254.41.128/25
etag
"-375139978"
content-type
application/javascript; charset=UTF-8
x-cdn-pop
rbx1
accept-ranges
bytes
content-length
4364
x-request-id
968589680
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/
356 KB
117 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
5656acc252f23d1fdd755788e259638c3b9aca29bcb6169547f015518d46b26f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:21 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
120017
x-xss-protection
0
server
cafe
etag
15609891131800403423
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 26 Dec 2022 04:44:21 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/ Frame A27D
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f157.1e100.net
Software
cafe /
Resource Hash
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

age
44911
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
br
content-length
4242
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Dec 2022 16:15:50 GMT
etag
10353107486223812946
expires
Sun, 08 Jan 2023 16:15:50 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pica.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 4D94
18 KB
8 KB
Other
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcef4b9f79d2c3f1e3f177c8487c960673631c762c6f39a50d31bf4a4bf2e8e5

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:21 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XozQD19mDOdv6bMhTlTLVbXzI9DZszbgiCQERA1fwwzlQp8ICk8u2nLdbgAChepCnDXcC1shBirbj%2FXeeaNc2pxUCsJAwLmZgPItXRnLAQGyjicQHE%2BRQQ3Q66075f3GQpym4aPsX8Q8R1Pc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
77f7292aaf46a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
77f729134b65a8ac
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 4D94
2 B
671 B
XHR
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/cv/result/77f729134b65a8ac
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672027200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Dec 2022 04:44:22 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hm8JBzVI%2Bvupb5bDDiZagKC0%2FfvWmDBr6H6zOn%2FjOJ9likVZeNeQfUe8RDyJB%2BiYmnqktGHgKum%2B%2Btd%2B0RjAc1TmOqn6qnlCGLvP3Td1CJgwS18PC5uzbJ45uhIKj23bdmTx2EXM5nVHhpcl"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
77f7292e2beba980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
invisible.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 4D94
35 KB
14 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672027200
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd6accd2f066a67f678f36ee7625186f9c4fdf9f8c3d4a16e4a38751c23fbe6d

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:22 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2B%2BuZKKr%2Byio7tzcItgcfH50i8sdUFv9%2Bggbf%2BkyN4MspC1alpd8S7ULxnag9Rh3eROqJH5i0YagC5CqVZLYxGH%2B3o7x5%2FG1upvEUbsvNpsml86Yq9PkMMIupdRlORldC%2F9qZ%2Fy4ULVIYt6%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
77f7292e4c11a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pica.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 4D94
19 KB
8 KB
Other
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20bf564148540622352eccfaded65fdcf0b28faf14ce52aa9465d3907a80a5e4

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:22 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BolGBlQq%2BAfQCt3Qr1pzxJP1ZkFD2K7lUpTproHFtdvyiCbqgtBp1J%2FLvJHuk5oREW0lmefO4lH8EoKy%2FcWqJ420%2BGQpmFvcyh%2BLUlG3UdRi6IDrFHohuJZOOpMxchF1U2PQoX6d%2BqgHhmy%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
77f7292f6dc1a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cookie.js
partner.googleadservices.com/gampad/
389 B
698 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=bareeqal5alij.hewaaya.com&callback=_gfp_s_&client=ca-pub-8343227950611411&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
cafe /
Resource Hash
c77564286b699bd482d4b2a649ca69279df33c27276f980d1093b12c6ba41025
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
253
x-xss-protection
0
integrator.js
adservice.google.co.nz/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.co.nz/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 81E3
108 KB
35 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8343227950611411&output=html&adk=1812271804&adf=3025194257&lmt=1672029862&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1672029861186&bpp=4&bdt=2230&idt=1148&shv=r20221207&mjsv=m202212060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6314637424856&frm=20&pv=2&ga_vid=14122677.1672029862&ga_sid=1672029862&ga_hid=1999981129&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44777876%2C31071250%2C31071259%2C44779793%2C44780792&oid=2&pvsid=2812858576855356&tmod=975341857&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1166
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f157.1e100.net
Software
cafe /
Resource Hash
98caad6e8dd28e1a269eb9ba57657243c3813b8698dd73b43c1fdf6c2e97dbbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
35790
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 26 Dec 2022 04:44:22 GMT
expires
Mon, 26 Dec 2022 04:44:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
1ba742089888f661adbcca403d020c0a42113944b81ac4438f3adcca03daebe6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12440
x-xss-protection
0
0.php
s4.histats.com/stats/
377 B
512 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?4631733&@f16&@g1&@h1&@i1&@j1672029862367&@k0&@l1&@m%D8%A8%D8%B1%D9%8A%D9%82%20%D8%A7%D9%84%D8%AE%D9%84%D9%8A%D8%AC&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-98115940&@b3:1672029862&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
149.56.240.128 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns534296.ip-149-56-240.net
Software
/
Resource Hash
b57e997379cf3a062f8e12ab545e48f647e13c43a62a9f0e93a6dbe5ca32b6f3

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 26 Dec 2022 04:44:23 GMT
Connection
close
Content-Length
377
Content-Type
text/html;charset=UTF-8
77f729134b65a8ac
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 4D94
2 B
664 B
XHR
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/cv/result/77f729134b65a8ac
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672027200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Dec 2022 04:44:22 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ObClKIQuSILy%2BRwB8a3e1RVrpXJWUzWojuemDRhW%2BiODekzfOfT2fNZ7nQ3sePbe8f5pNNVTrGGRUMqPY4QYMGhf6nkWIAdJbEbP1opLkJKdHJ5eY0gvMNReWGWQzp24wkGRAe8FoJha2V0q"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
77f72931e892a980-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 26 Dec 2022 04:44:23 GMT
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/
151 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/reactive_library_fy2021.js?bust=31071250
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
c52eb740d92f6e572baaed056ae29544bfd7ed39b7017024f37fea48e38081d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:23 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52377
x-xss-protection
0
server
cafe
etag
17598963393352605422
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 26 Dec 2022 04:44:23 GMT
integrator.js
adservice.google.co.nz/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.co.nz/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/ Frame 7C6F
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_fy2021.js?bust=31071250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f157.1e100.net
Software
cafe /
Resource Hash
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

age
26589
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
br
content-length
4242
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Dec 2022 21:21:15 GMT
etag
10353107486223812946
expires
Sun, 08 Jan 2023 21:21:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
e.dtscout.com/e/
7 KB
4 KB
Script
General
Full URL
https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&j=
Requested by
Host: s4.histats.com
URL: https://s4.histats.com/stats/0.php?4631733&@f16&@g1&@h1&@i1&@j1672029862367&@k0&@l1&@m%D8%A8%D8%B1%D9%8A%D9%82%20%D8%A7%D9%84%D8%AE%D9%84%D9%8A%D8%AC&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-98115940&@b3:1672029862&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&@w
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.101.120.11 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea6313c42bc6226d1ba72912195a57ee98ce27179f0d3bad4555a599189ff285

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:24 GMT
x-t
0.765
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2hSQv8L0YasOE6IVRUylmKHipFuV7kBe%2B06ZcTFDG8u0g3RQwnmIqRHzhNpm%2BGCpwjjswS9fJXGCp63dZ8tuTyUPw3nrBtp4A%2Fm0ZwcNgUho4e%2FTpdQH0VZv0ORi%2F4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
no-cache
x-s
mtl2
cf-ray
77f7293c1c361c56-AKL
expires
Mon, 26 Dec 2022 04:44:23 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9BA8
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

accept-ranges
bytes
age
63913
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 25 Dec 2022 10:59:11 GMT
expires
Mon, 25 Dec 2023 10:59:11 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 0C84
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f147.1e100.net
Software
GSE /
Resource Hash
b9476c5c13081d77d7d4d8e5311509cceecb12caf59e146243b0f7c21214837b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-yylLmuaWdW6vdYwJqmhgxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
511
content-security-policy
script-src 'report-sample' 'nonce-yylLmuaWdW6vdYwJqmhgxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 26 Dec 2022 04:44:24 GMT
expires
Mon, 26 Dec 2022 04:44:24 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ Frame 7C6F
4 KB
717 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f95.1e100.net
Software
ESF /
Resource Hash
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 26 Dec 2022 04:44:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 26 Dec 2022 03:29:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 26 Dec 2022 04:44:24 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 7C6F
2 KB
765 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
cafe /
Resource Hash
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:09:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
2099
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
738
x-xss-protection
0
server
cafe
etag
1394486882873449110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 09 Jan 2023 04:09:25 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 7C6F
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C08WhpiapY9CYMMql9QOVjLuQBNfitsFtpu_7r8YQu_ujqvMKEAEg5-e5HmCr7LGF4BigAZ_YycEByAEJqQKgytrWWupJPqgDAcgDywSqBPABT9ApR-kXAOM1aI1qnkveqmdajeH2QiJ4qoGIx_M3oJVy1crXnxLkRiiN5lS6kLAcJo3uwN_nIsnanTo-blgr62IEI7Au7CoW_Qg8K3c2G9OPth2pJZLCzMsv7Ra-uidbzbwWNML7yJFjmMowsPiUeAsW8XtnmEXiHt9M85tj5AEsVlzroBSMP1m4Tw_QPirFMLjKVxBkyvHdNtm6HoEsrzGaxklbQQQaQNuUuC8Zmt8UNO_DFgGx-RLaCBOcXoM8KZ13py8zxGVhRt7RxjA5PwgIfpfQpgulK2P_C5H1Mb1YkPB2MnwWskz5gfftaI2swATZz5L_iASSBQQIBBgBkgUECAUYBKAGLoAHyae2vgKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHAxCtKdIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItODM0MzIyNzk1MDYxMTQxMRgA&sigh=1SeZ2bwqICc&uach_m=[UACH]&cid=CAQSGwDq26N97FzFQYhdoEo2bToeg-5xbUJ5oSOJ3BgBIBM&template_id=484
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Mon, 26 Dec 2022 04:44:24 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 26 Dec 2022 04:44:24 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 7C6F
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
cafe /
Resource Hash
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 25 Dec 2022 10:59:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
63916
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9443
x-xss-protection
0
server
cafe
etag
9828741834572772835
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 08 Jan 2023 10:59:08 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 7C6F
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 25 Dec 2022 10:59:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
63917
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 08 Jan 2023 10:59:08 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 7C6F
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
cafe /
Resource Hash
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 25 Dec 2022 13:07:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
56241
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7480
x-xss-protection
0
server
cafe
etag
15631949847000551034
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 08 Jan 2023 13:07:03 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7C6F
153 KB
47 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
sffe /
Resource Hash
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47725
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1670417373259609"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 26 Dec 2022 04:44:24 GMT
5abbe811e7745ada511aeaa994a13f9f.js
www.gstatic.com/mysidia/ Frame 7C6F
34 KB
14 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Dec 2022 11:21:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
149001
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14213
x-xss-protection
0
last-modified
Thu, 08 Dec 2022 23:34:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Fri, 24 Mar 2023 11:21:04 GMT
6592766407814317453
tpc.googlesyndication.com/simgad/13335197275605158671/ Frame 7C6F
51 KB
51 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/13335197275605158671/6592766407814317453
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
sffe /
Resource Hash
8836257262b64b168b8c1afda0d4c235d8c3b1313be50669d93fd28d29866ddd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:24 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51899
x-xss-protection
0
last-modified
Mon, 19 Sep 2022 12:07:37 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 26 Dec 2023 04:44:24 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/2357944489013639463/ Frame 7C6F
4 KB
4 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2357944489013639463/14763004658117789537?w=100&h=100
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
sffe /
Resource Hash
80f19d54f4ddc466c0a39b4ec70c7bb7b591ad8a549851bee87dc8ffc64f76a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 14:41:22 GMT
x-content-type-options
nosniff
age
568982
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4240
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 16:46:24 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 19 Dec 2023 14:41:22 GMT
Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
pagead2.googlesyndication.com/bg/ Frame 9BA8
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
sffe /
Resource Hash
264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 22 Dec 2022 18:47:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
294994
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15923
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 17:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 22 Dec 2023 18:47:50 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 0C84
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221207&jk=2812858576855356&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

/
t.dtscout.com/idg/ Frame 1D1A
1 KB
727 B
Document
General
Full URL
https://t.dtscout.com/idg/?su=104016720298646139B534A2D13327D4
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.101.120.11 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1da0acf41a973b58c6d091e57697cc9678bc709dd84c5fffa0460bd6baeed364

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
77f7293fefd41c56-AKL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 26 Dec 2022 04:44:25 GMT
expires
Mon, 26 Dec 2022 04:44:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9zWF04WqqyF0fQN7LWX1EPDU0KG2pSxMNXmLSy57sG%2BiCrJ6zc6v%2FBZYD%2BUSLtAM0Uanzh73q8vFPqM1vmxpOdPNHuNcDk2EC84OiNn1DfeFDD9V2%2FBWBLhV5%2BkKF3M%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
tag.min.js
get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/
30 KB
10 KB
Script
General
Full URL
https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-116-60.cgk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
caf00dccdfb24b237c2e763929bbdbf10d64d66606688390a39c6456fbddb409

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
ePoTNcv0DaSHt0vz0AKUJEI0tBAExaJ3
content-encoding
gzip
via
1.1 abadcc740cb3a709cff4a366c9ac489a.cloudfront.net (CloudFront)
date
Mon, 26 Dec 2022 04:35:12 GMT
last-modified
Thu, 25 Aug 2022 14:07:06 GMT
server
AmazonS3
x-amz-cf-pop
CGK52-C1
age
553
etag
W/"c722c8e06c3a9be75b009576c49f7792"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
d01WIKPuH4kxogFqK9ccmdjmP2ueME_XZasw-_dcnonKkrQpU_qP5w==
/
t.dtscout.com/pv/
50 B
375 B
Script
General
Full URL
https://t.dtscout.com/pv/?_a=v&_h=bareeqal5alij.hewaaya.com&_ss=46lw6j97vu&_pv=1&_ls=0&_u1=1&_u3=1&_cc=nz&_pl=d&_cbid=6mvc&_cb=_dtspv.c
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.101.120.11 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a608e6bff1c6f4a45a4987d4104d008feb38c74e2daa070d59ba3f4a637b144

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:25 GMT
x-t
0.137
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyLSiQr9AWwnS2W837gNkuBCqC%2Fb0KJBoKfxPRL3ixHiFMAL7XPX2rzt%2B9%2Bnj2UCd7excUgDVzWjzZPpwp60lDtT4SE7G8O6P5VtJyapFvrE51OhWpHSSvjKes%2Fnpx8%3D"}],"group":"cf-nel","max_age":604800}
x-c
0
content-type
application/javascript
cache-control
no-cache
cf-ray
77f7293fefd51c56-AKL
expires
Mon, 26 Dec 2022 04:44:24 GMT
generate_204
tpc.googlesyndication.com/ Frame 9BA8
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?QissBg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f132.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:25 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
truncated
/ Frame 7C6F
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50ffea80124cdb5ef59852b95796562f43cc423967f7933bea181308aae23694

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
/
t.dtscdn.com/widget/
0
586 B
Script
General
Full URL
https://t.dtscdn.com/widget/?d=104016720298646139B534A2D13327D4&nid=300&p=836148727&t=0&s=1600x1200x24&u=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&r=
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.12.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:26 GMT
x-t
1.25
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnQBR2lFeRnNp%2B7MbpZNHWNTba72%2FtRAx2fhOVvjJ2BG9dhgaOxG%2B8Ist1kWDBZpiAnIskCOPHm5vwb1GCChbceflnqTbXUzZkt3JACvzT7STGTiC3slu%2Bn28eL3Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
no-cache
x-server
web14.ny1.dtscdn.com
cf-ray
77f72945a875aae7-SYD
expires
Mon, 26 Dec 2022 02:52:26 GMT
e
a.dtssrv.com/
21 B
580 B
XHR
General
Full URL
https://a.dtssrv.com/e?i=104016720298646139B534A2D13327D4
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fdamagedance0&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.47.181 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4db38d63c46aa11424850b6cb1c8462181b76078785d7e4f3d0be1fdd415bcb6

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
cache
date
Mon, 26 Dec 2022 04:44:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-max-age
86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zIm6bHy4Az5H9yK0CpsIEFkjYLlL2YisMe93FDlIdKRZ3YaqLmDw09GGbpvIbH4LNeK9kX2uaevGXygQT9CDdWYZSNtONLAu9vei0wOlOfb0lkUOtc1p%2FrxbZrWvE3w%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://bareeqal5alij.hewaaya.com
cache-control
s-maxage=0
access-control-allow-credentials
true
cf-ray
77f72945ab59a807-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 26 Dec 2022 06:44:25 GMT
tpid=104016720298646139B534A2D13327D4
bcp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/
Redirect Chain
  • https://bcp.crwdcntrl.net/5/c=3825/tp=DTSC/tpid=104016720298646139B534A2D13327D4
  • https://bcp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/tpid=104016720298646139B534A2D13327D4
49 B
545 B
Image
General
Full URL
https://bcp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/tpid=104016720298646139B534A2D13327D4
Protocol
H2
Server
52.74.184.141 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-184-141.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Dec 2022 04:44:26 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.42.30.249
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Mon, 26 Dec 2022 04:44:26 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://bcp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/tpid=104016720298646139B534A2D13327D4
cache-control
no-cache
x-server
10.42.17.190
content-length
0
expires
0
/
spl.zeotap.com/
Redirect Chain
  • https://pixel.onaudience.com/?partner=137085098&mapped=104016720298646139B534A2D13327D4
  • https://spl.zeotap.com/?zdid=1332&zcluid=7a116eb03dcb9f56
0
0
Image
General
Full URL
https://spl.zeotap.com/?zdid=1332&zcluid=7a116eb03dcb9f56
Protocol
H2
Server
104.22.25.87 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

location
https://spl.zeotap.com?zdid=1332&zcluid=7a116eb03dcb9f56
content-length
0
/
onetag-geo.s-onetag.com/
535 B
942 B
Fetch
General
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.116.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-116-56.cgk52.r.cloudfront.net
Software
/
Resource Hash
a0ef9664ce4745a7141cfee9be2ff66c682596db11fde27129c25e5120b5b490

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Dec 2022 04:44:26 GMT
via
1.1 d5845d4e49f77b7f0c9511096875b3b4.cloudfront.net (CloudFront), 1.1 dbe78e2023474e6ccd1ec5919be26772.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN2-P1, CGK52-C1
x-amzn-requestid
0440154d-1baa-4863-8e48-9767d2a64633
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-apigw-id
dvL6qGfYCYcF5-g=
content-length
535
x-amz-cf-id
pZMgNTL0yzEbFXqLPnccCHLGyTGEtqDcYDsYeqGYWM8rlA0A6B0VNA==
Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
pagead2.googlesyndication.com/bg/ Frame 47E8
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/damagedance0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
sffe /
Resource Hash
264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 22 Dec 2022 18:47:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
294996
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15923
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 17:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 22 Dec 2023 18:47:50 GMT
dataBeacons.min.js
data-beacons.s-onetag.com/
6 KB
2 KB
Script
General
Full URL
https://data-beacons.s-onetag.com/dataBeacons.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.116.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-116-115.cgk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78009d649db9f062dc6e568dd4f35e634440b36534d063f788f465af1f3397d9

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
qV9NCsYZSqBrcH4UHbD8Pmp65zU2fPAA
content-encoding
gzip
via
1.1 ed61913f04fa69e179f6a284d9021b76.cloudfront.net (CloudFront)
date
Mon, 26 Dec 2022 03:54:47 GMT
last-modified
Thu, 25 Aug 2022 05:23:07 GMT
server
AmazonS3
x-amz-cf-pop
CGK52-C1
age
2981
etag
W/"c0cf56fa6d8f9665d6e8f16542e3ba9e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=3600
x-amz-cf-id
qz8nBt_NCoT6eEhD0f9CB611WmUVKE8Klj9Jnxl2RXekpKtU-ERhUA==
activeview
pagead2.googlesyndication.com/pcs/ Frame 7C6F
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuw-6h_1M0GtgAaOLT_URPa276ak1J2ZatTk9pGFAQmCcWlytjV1oT1l46-liKXybL-FLKwRzhdZ4do3-rSFCeVu4-ljYBubfUUxRgNGs8VoDt6ZpXlCGy49vZ6ONXCSRd_Fe8&sai=AMfl-YRlGgOcFauQhgyQ8Ldy1vQwZy1Wwih5Kls5c_c1U8egLTOTqqLQqb4EqjfKzg4QJJgzRQRc0CZah_5Bs8U&sig=Cg0ArKJSzHKxZx00b6dgEAE&cid=CAQSGwDq26N97FzFQYhdoEo2bToeg-5xbUJ5oSOJ3BgBIBM&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1672029864009&rpt=1868&met=mue&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Dec 2022 04:44:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221207&jk=2812858576855356&bg=!S0ilSAzNAAYgquz3AKo7ACkAdvg8WvsgCsN8Y5c_Cay-CsaFH5VhGp8MFpMA6lny3gbl-p-EpZz8KAIAAACJUgAAAARoAQeZArd8tSnxfzEEXSwDRLAl16ZxsyU0_s25ubp0Q_ouwXSzipPmc2fZ6F34v-iOZeLE5Ss7XD3NKSbSo0zbphkVb7AuS5QVDnmnSfvJFmdp46hlru6D1g1jzuwlERzqG8-T8_1Gu7CHwHd8Y_a7b2IukM6m9deuiEj4XRN_b_LGcM2wGwk9fyDudnmD6vA28GXdZ2CGMxwG_u2W_uKtnbobY8QMh2VG0LqYg4qMTUdvivNEZ8RBYLqLuC6-cS4w3Y_r7eSET37NOQ__F62RMKeS2o-DHTzTVgoD00lb_XEnSz9AzEz9EjWBNQxAsuKO8cHVTQr6DP4IuxyXfChbk74jmPnJgEqGrFZfxiGXRhnfRc6xHgWP_ip2AH2RgboRTYzW9aS0NXG58Od_AIbeJoDZhTlaj0WuqMDDWziXpJNGH-2qPf3-qjafvH8QJnPYQESlJZFG87rUJQkHIdhaVH-P69ZEaj-kqLzuCXvcLSu6sfYtJ9Q0EwOiMEkCePlHRkFKq9I_Yq80zT9dl0TtUQA6RBdSqXT8GYEM1D8DFN0nK9Tmny8d_AY1x-PWmJEpMfz74-m7IB1irRp8o49zd1yVeF6F9NzSXkqauK0sJnx537A6AxfbI3Gdzcsz7Z-Fi60By_vQo6oDxvWhFhbSuc_MAoBR-5uFfR6gy4Xqzgt5ddUy2DKWtHNWMR7noNgzkKytClO5t3kibgMXmFYNqtEmwBtry5q83RGBB1tHztiM5i1DP-TwuGRxfR4MaHFTMo6th4WO0QqZxR3shqBXtogCpyy2LyeepejTyx2qFCC_oPU3R4I0xk7_qZ_mQ7jJUhNxAEWYGHsEHqTZNmt3KaO9GGovcn_7EWK1v9EHzjpJS1mRBe-RpegKdotwbsR9VnnPc0q1uC09HMf3E34K76rY9IMvsU7YYUp14g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

v2
ap.lijit.com/readerinfo/
Redirect Chain
  • https://ap.lijit.com/readerinfo/v2
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
41 B
473 B
Fetch
General
Full URL
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Protocol
HTTP/1.1
Server
209.191.163.210 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
8665202e5c11daa3257243f2d8d8879d23c62afa49bce7ed31477836f39d0e71

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 26 Dec 2022 04:44:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://bareeqal5alij.hewaaya.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap4sfo1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
61

Redirect headers

Date
Mon, 26 Dec 2022 04:44:28 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Access-Control-Allow-Origin
https://bareeqal5alij.hewaaya.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap4sfo1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
59074
i.liadm.com/s/
0
0

/
p.adsymptotic.com/d/px/
0
0

lj_match
um.simpli.fi/
0
0

57333
i.liadm.com/s/
0
0

Portal.html
get.s-onetag.com/underground-sync-portal/ Frame D38D
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
i.liadm.com
URL
https://i.liadm.com/s/59074?bidder_id=204553&bidder_uuid=F4PcESZHtfLrCqAqTNKojmWf&rnd=85634
Domain
p.adsymptotic.com
URL
https://p.adsymptotic.com/d/px/?_pid=15697&_psign=0a885fb568701ac53478d88866a10345&_pu&_puuid=F4PcESZHtfLrCqAqTNKojmWf&_redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D5014%263pid%3D${UUID}&_rand=65466
Domain
um.simpli.fi
URL
https://um.simpli.fi/lj_match?r=44763
Domain
i.liadm.com
URL
https://i.liadm.com/s/57333?bidder_id=204553&bidder_uuid=F4PcESZHtfLrCqAqTNKojmWf&rnd=85889
Domain
get.s-onetag.com
URL
https://get.s-onetag.com/underground-sync-portal/Portal.html

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| oncontentvisibilityautostatechange object| __cfQR object| _Hasync string| qa_root string| qa_request object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| $ function| jQuery function| qa_reveal function| qa_conceal function| qa_set_inner_html function| qa_set_outer_html function| qa_show_waiting_after function| qa_hide_waiting function| qa_vote_click function| qa_notice_click function| qa_favorite_click function| qa_ajax_post function| qa_ajax_error function| qa_display_rule_show object| qa_element_revealed function| qa_toggle_element function| qa_submit_answer function| qa_submit_comment function| qa_answer_click function| qa_comment_click function| qa_show_comments function| qa_form_params function| qa_scroll_page_to function| qa_title_change function| qa_html_unescape function| qa_html_escape function| qa_tag_click function| qa_tag_hints function| qa_tags_to_html function| qa_caret_from_end function| qa_tag_typed_parts function| qa_category_select function| set_category_description function| qa_submit_wall_post function| qa_wall_post_click function| qa_pm_click object| b number| google_lpabyc boolean| __cfRLUnblockHandlers function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages function| chfh function| chfh2 string| 
_HST_cntval object| Histats object| GoogleGcLKhOms object| google_llp object| _HistatsCounterGraphics_0_setValues object| a object| cv object| _dtspv object| googletag number| char object| __connect object| google_image_requests object| __underground

23 Cookies

Domain/Path Name / Value
bareeqal5alij.hewaaya.com/ Name: PHPSESSID
Value: kcrod6u1rb0dr1a9h0lhsvbm1o
bareeqal5alij.hewaaya.com/ Name: qa_key
Value: g625azmu6db6urpd9dqoa8o08gcrixwg
bareeqal5alij.hewaaya.com/ Name: HstCfa4631733
Value: 1672029862367
bareeqal5alij.hewaaya.com/ Name: HstCla4631733
Value: 1672029862367
bareeqal5alij.hewaaya.com/ Name: HstCmu4631733
Value: 1672029862367
bareeqal5alij.hewaaya.com/ Name: HstPn4631733
Value: 1
bareeqal5alij.hewaaya.com/ Name: HstPt4631733
Value: 1
bareeqal5alij.hewaaya.com/ Name: HstCnv4631733
Value: 1
bareeqal5alij.hewaaya.com/ Name: HstCns4631733
Value: 1
.hewaaya.com/ Name: __cf_bm
Value: 4AyaglkpXSKjAAiOkxkGkiVRn916Iu1k__kCEMc6JK0-1672029862-0-AeTg55y07Gx65GhvNut50cSqXUww2f+cFVdgMGBRfBug6ZTGrO/Gh4cJc5kDvXdKqCS/cfEfyTIVupnTYLyIWzc1slMm3mK/3dEEaP2MI2Xax9ayaPh+Bcy4D8Pp6Y8xqMLJpbMorYXJ24GU52J+4oM=
.hewaaya.com/ Name: __gads
Value: ID=d4568a5ce3741b1f-22df086008d90018:T=1672029863:RT=1672029863:S=ALNI_MbH1uqkWwEbU3PRfrC8KX7F2TsV9A
.hewaaya.com/ Name: __gpi
Value: UID=00000b97a49a5019:T=1672029863:RT=1672029863:S=ALNI_MYlYLDlgGuUAefBTyA5vbORwap3rA
.doubleclick.net/ Name: IDE
Value: AHWqTUnczkk-K9gQiL3btfcPdUnpnU1_A1VZGeQufweq1SgjHrjZ4CrzES3eQLehjM8
.dtscout.com/ Name: m
Value: 1
.dtscout.com/ Name: oa
Value: 1
.dtscout.com/ Name: df
Value: 1672029864
.dtscout.com/ Name: l
Value: 104016720298646139B534A2D13327D4
.hewaaya.com/ Name: __dtsu
Value: 104016720298646139B534A2D13327D4
.dtscdn.com/ Name: uid
Value: 104016720298646139B534A2D13327D4
.crwdcntrl.net/ Name: _cc_dc
Value: 2
.crwdcntrl.net/ Name: _cc_id
Value: deb9b4b0be15de1ad0276440ff39fb76
.onaudience.com/ Name: cookie
Value: 7a116eb03dcb9f56
.onaudience.com/ Name: done_redirects219
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
