urlscan.io logo urlscan.io
SecurityTrails logo

www.carsome.my Open in urlscan Pro
104.18.24.224  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.carsome.my//carsome/-certified
Effective URL: https://www.carsome.my//carsome/-certified
Submission: On September 18 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 34 IPs in 7 countries across 26 domains to perform 90 HTTP transactions. The main IP is 104.18.24.224, located in and belongs to CLOUDFLARENET, US. The main domain is www.carsome.my. The Cisco Umbrella rank of the primary domain is 703804.
TLS certificate: Issued by WE1 on August 16th 2024. Valid for: 3 months.
This is the only time www.carsome.my was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 104.18.24.224 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 13.35.58.148 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 18.66.102.11 16509 (AMAZON-02)
1 3.161.82.96 ()
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 172.217.18.3 15169 (GOOGLE)
2 54.203.25.147 16509 (AMAZON-02)
1 13.32.27.54 16509 (AMAZON-02)
1 2a02:6ea0:c70... 60068 (CDN77 _)
2 34.120.193.242 396982 (GOOGLE-CL...)
3 157.240.0.6 32934 (FACEBOOK)
2 2620:1ec:33::10 8075 (MICROSOFT...)
2 2620:1ec:bdf::45 8075 (MICROSOFT...)
1 146.75.120.157 54113 (FASTLY)
2 2a00:1288:80:... 203220 (YAHOO-DEB)
5 23.213.161.196 20940 (AKAMAI-ASN1)
4 2a03:2880:f17... 32934 (FACEBOOK)
1 172.66.0.227 13335 (CLOUDFLAR...)
1 104.244.42.195 13414 (TWITTER)
1 4 103.132.192.30 138552 (RTBHOUSE-...)
1 54.171.122.26 16509 (AMAZON-02)
2 23.96.124.156 8075 (MICROSOFT...)
1 35.227.196.165 15169 (GOOGLE)
1 51.89.234.134 16276 (OVH)
10 2600:9000:26e... ()
1 2 185.89.210.90 29990 (ASN-APPNEX)
90 34
18    104.18.24.224 (None, )

ASN13335 (CLOUDFLARENET, US)
www.carsome.my
b2c-cdn.carsome.my
capig.carsome.my
1    2a00:1450:400c:c09::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
accounts.google.com
1    2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
10    13.35.58.148 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-148.fra60.r.cloudfront.net
cdn.segment.com
2    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.recaptcha.net
1    2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    18.66.102.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-11.fra56.r.cloudfront.net
static.hotjar.com
1    3.161.82.96 (United States)

ASN- ()
PTR: server-3-161-82-96.fra56.r.cloudfront.net
cdn.moengage.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
td.doubleclick.net
1    172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f3.1e100.net
www.google.de
2    54.203.25.147 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-25-147.us-west-2.compute.amazonaws.com
api.segment.io
1    13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net
script.hotjar.com
1    2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
tags.creativecdn.com
2    34.120.193.242 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 242.193.120.34.bc.googleusercontent.com
www.icarasia.com
3    157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net
connect.facebook.net
2    2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
5    23.213.161.196 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-196.deploy.static.akamaitechnologies.com
analytics.tiktok.com
4    2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)
t.co
1    104.244.42.195 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
4    103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net
asia.creativecdn.com
1    54.171.122.26 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-122-26.eu-west-1.compute.amazonaws.com
sp.analytics.yahoo.com
2    23.96.124.156 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
w.clarity.ms
1    35.227.196.165 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 165.196.227.35.bc.googleusercontent.com
paths.carsome.my
1    51.89.234.134 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ns31195920.ip-51-89-234.eu
logo.page-source.com
10    2600:9000:26e8:3400:1b:c0b3:adc0:93a1 (United States)

ASN- ()
sdk-01.moengage.com
2    185.89.210.90 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
Apex Domain
Subdomains		 Transfer
19 carsome.my
www.carsome.my — Cisco Umbrella Rank: 703804
b2c-cdn.carsome.my — Cisco Umbrella Rank: 713224
capig.carsome.my
paths.carsome.my
878 KB
11 moengage.com
cdn.moengage.com — Cisco Umbrella Rank: 23274
sdk-01.moengage.com — Cisco Umbrella Rank: 5865
72 KB
10 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1827
128 KB
5 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 801
138 KB
5 creativecdn.com
tags.creativecdn.com — Cisco Umbrella Rank: 6635
asia.creativecdn.com — Cisco Umbrella Rank: 24170
4 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 106
4 KB
4 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 682
w.clarity.ms — Cisco Umbrella Rank: 9457
29 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 178
153 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 270
2 KB
2 yimg.com
s.yimg.com — Cisco Umbrella Rank: 758
8 KB
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 361
15 KB
2 icarasia.com
www.icarasia.com — Cisco Umbrella Rank: 257343
1 KB
2 segment.io
api.segment.io — Cisco Umbrella Rank: 1402
347 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 130
td.doubleclick.net — Cisco Umbrella Rank: 189
254 B
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 816
script.hotjar.com — Cisco Umbrella Rank: 1029
62 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 43
226 KB
2 recaptcha.net
www.recaptcha.net — Cisco Umbrella Rank: 1218
2 KB
2 google.com
accounts.google.com — Cisco Umbrella Rank: 16
region1.analytics.google.com — Cisco Umbrella Rank: 4054
86 KB
1 page-source.com
logo.page-source.com — Cisco Umbrella Rank: 620388
120 B
1 yahoo.com
sp.analytics.yahoo.com — Cisco Umbrella Rank: 1617
508 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 932
725 B
1 t.co
t.co — Cisco Umbrella Rank: 834
629 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 875
15 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 10137
63 B
1 gstatic.com
www.gstatic.com
215 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 670
7 KB
90 26
Domain Requested by
14 www.carsome.my www.carsome.my
static.cloudflareinsights.com
10 sdk-01.moengage.com cdn.moengage.com
10 cdn.segment.com www.carsome.my
cdn.segment.com
5 analytics.tiktok.com www.carsome.my
analytics.tiktok.com
4 asia.creativecdn.com 1 redirects tags.creativecdn.com
4 www.facebook.com www.carsome.my
3 connect.facebook.net www.googletagmanager.com
connect.facebook.net
3 b2c-cdn.carsome.my www.carsome.my
2 ib.adnxs.com 1 redirects
2 w.clarity.ms www.clarity.ms
2 s.yimg.com www.carsome.my
s.yimg.com
2 www.clarity.ms www.googletagmanager.com
www.clarity.ms
2 bat.bing.com www.googletagmanager.com
bat.bing.com
2 www.icarasia.com www.carsome.my
paths.carsome.my
2 api.segment.io cdn.segment.com
2 www.googletagmanager.com cdn.segment.com
2 www.recaptcha.net www.carsome.my
www.gstatic.com
1 logo.page-source.com
1 paths.carsome.my www.icarasia.com
1 sp.analytics.yahoo.com www.carsome.my
1 capig.carsome.my connect.facebook.net
1 analytics.twitter.com www.carsome.my
1 t.co www.carsome.my
1 static.ads-twitter.com www.googletagmanager.com
1 tags.creativecdn.com www.carsome.my
1 script.hotjar.com static.hotjar.com
1 www.google.de www.carsome.my
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 cdn.moengage.com cdn.segment.com
1 static.hotjar.com cdn.segment.com
1 www.gstatic.com www.recaptcha.net
1 static.cloudflareinsights.com www.carsome.my
1 accounts.google.com www.carsome.my
90 35
Subject Issuer Validity Valid
carsome.my
WE1		 2024-08-16 -
2024-11-14		 3 months crt.sh
accounts.google.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
cloudflareinsights.com
WE1		 2024-09-03 -
2024-12-02		 3 months crt.sh
*.segment.com
Amazon RSA 2048 M03		 2023-11-14 -
2024-12-13		 a year crt.sh
misc.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.gstatic.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.google-analytics.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.hotjar.com
Amazon RSA 2048 M03		 2024-05-22 -
2025-06-20		 a year crt.sh
*.moengage.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-09 -
2025-08-09		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.doubleclick.net
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.google.de
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.segment.io
Amazon RSA 2048 M03		 2023-12-13 -
2025-01-11		 a year crt.sh
1589314308.rsc.cdn77.org
E5		 2024-08-07 -
2024-11-05		 3 months crt.sh
*.icarasia.com
Sectigo RSA Domain Validation Secure Server CA		 2023-10-03 -
2024-10-02		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-06-28 -
2024-09-26		 3 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03		 2024-09-16 -
2025-03-15		 6 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2024-09-04 -
2025-09-04		 a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-06-25 -
2025-06-24		 a year crt.sh
*.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-08-26 -
2024-10-16		 2 months crt.sh
*.tiktok.com
RapidSSL TLS ECC CA G1		 2024-07-15 -
2025-07-15		 a year crt.sh
t.co
E6		 2024-07-31 -
2024-10-29		 3 months crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-31 -
2024-10-29		 a year crt.sh
*.creativecdn.com
RapidSSL TLS RSA CA G1		 2024-04-05 -
2025-04-30		 a year crt.sh
*.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-07-30 -
2025-01-22		 6 months crt.sh
a.clarity.ms
Microsoft Azure RSA TLS Issuing CA 08		 2024-06-23 -
2025-06-18		 a year crt.sh
paths.carsome.my
WR3		 2024-09-12 -
2024-12-11		 3 months crt.sh
*.page-source.com
Sectigo RSA Domain Validation Secure Server CA		 2024-01-15 -
2025-02-14		 a year crt.sh

This page contains 5 frames:

Primary Page: https://www.carsome.my//carsome/-certified
Frame ID: D81D2C015A8B1A23F5834F68717C0F2B
Requests: 85 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LejduQhAAAAAJplB52IumC2_E5xKqqR2hZmeZPY&co=aHR0cHM6Ly93d3cuY2Fyc29tZS5teTo0NDM.&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=z8guu1k3820e
Frame ID: 9EC7AEC2C1904225E2A9178AB9A3C39D
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-L3ZY5XJB08&gacid=1448060516.1726620469&gtm=45je4990v867673431za200&dma=1&dma_cps=syphamo&gcd=13l3lPl2l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=366645300
Frame ID: 1455B699630C1C9D9DEFC784C06128FC
Requests: 1 HTTP requests in this frame

Frame: https://asia.creativecdn.com/ig-membership?ntk=37j-B4oJAIt_9zTL3zUQPiWuSb6y7Sei7GIxZZ9CMtV34495-uRm8dt1HkwDWtmxZs95RRtUVyGiwCIJ6rVeS2pyqNAm4YL9fWVjbl7rOtc
Frame ID: F538FD74026F8A7D64239D7FAB04CD26
Requests: 1 HTTP requests in this frame

Frame: https://asia.creativecdn.com/topics-membership?ntk=eLUZdotD5P1lLU_4iGIdftiolLx3vZdETn4LYsZpYrPk6bnG44weDq0WzYaNkAmFUKGNROibmPetp_pn5bW1t5bPRgLj4ofcwnObymuuaHE
Frame ID: 5462DE103BD9261481751C29B1349F3B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Carsome - #1 Online Used Cars Buying & Selling Platform

Page URL History Show full URLs

  1. http://www.carsome.my//carsome/-certified HTTP 307
    https://www.carsome.my//carsome/-certified Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • paths(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <div data-app[^>]+class="v-application
Overall confidence: 100%
Detected patterns
  • <div [^>]*id="__nuxt"
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js
Overall confidence: 100%
Detected patterns
  • cdn\.moengage\.\w+
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

90
Requests

94 %
HTTPS

42 %
IPv6

26
Domains

35
Subdomains

34
IPs

7
Countries

2046 kB
Transfer

6604 kB
Size

33
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.carsome.my//carsome/-certified HTTP 307
    https://www.carsome.my//carsome/-certified Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 57
  • https://asia.creativecdn.com/tags/v2?type=json HTTP 307
  • https://asia.creativecdn.com/tags/v2?type=json&tc=1
Request Chain 80
  • https://ib.adnxs.com/setuid?entity=315&code=rU-PZDXnFzUYn0kusueRMtS5DS98pDU3gVrstpDX8-8 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D315%26code%3DrU-PZDXnFzUYn0kusueRMtS5DS98pDU3gVrstpDX8-8

90 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request -certified
www.carsome.my//carsome/
Redirect Chain
  • http://www.carsome.my//carsome/-certified
  • https://www.carsome.my//carsome/-certified
52 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
848a01c97f3c1de5de1dc7fd45e1b8b1b588fccfb8cfbaf1f306580301d23936
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8c4d539bca855902-TXL
content-encoding
br
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
content-security-policy-report-only
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=JzX0rIplEtHj6MS9Jod3pDF_JXdSwZRwR8AgnTkdxvA-1726620466-1.0.1.1-QbAS0BI6k9MOKEoxAEGiPymg6D8bl_Dx5X6XFFzwqDGPoAESkZfr33fk.ASZ5_vtKCJpeUZrvWO.uUtkNMm7.RdwavJkjkTYW5D_lM8EeaTSiyag0ssZ.kvIreeFNs5uWAKoiyb75p2n4mWPXq9tCw; report-to cf-csp-endpoint
content-type
text/html; charset=utf-8
date
Wed, 18 Sep 2024 00:47:46 GMT
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=JzX0rIplEtHj6MS9Jod3pDF_JXdSwZRwR8AgnTkdxvA-1726620466-1.0.1.1-QbAS0BI6k9MOKEoxAEGiPymg6D8bl_Dx5X6XFFzwqDGPoAESkZfr33fk.ASZ5_vtKCJpeUZrvWO.uUtkNMm7.RdwavJkjkTYW5D_lM8EeaTSiyag0ssZ.kvIreeFNs5uWAKoiyb75p2n4mWPXq9tCw"}],"group":"cf-csp-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Location
https://www.carsome.my//carsome/-certified
Non-Authoritative-Reason
HttpsUpgrades
client
accounts.google.com/gsi/ 		228 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
93e36b3ed3b372c9ba461a362092e5490ba1d6d758fbe04bebb217aebc5eadc4
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sXwkXMMdtyrK40U_3Gt3Yw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-sXwkXMMdtyrK40U_3Gt3Yw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Wed, 18 Sep 2024 00:47:47 GMT
4ca52c7.js
www.carsome.my/_nuxt/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/4ca52c7.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
637caf9bc12ecd4e62fe94aaf283b0ec90fb43b6f907e6f54f85bc11b5420eea
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
age
165747
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 12 Sep 2024 11:12:52 GMT
server
cloudflare
etag
W/"4a03-191e5ef9f20"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
cf-ray
8c4d539e5e625902-TXL
expires
Thu, 18 Sep 2025 00:47:46 GMT
424a1ae.js
www.carsome.my/_nuxt/ 		275 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/424a1ae.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
139c1eb72a4ca975baafbaee2500adec67a0e0105366b0892f2f5bea20deec30
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
age
165747
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 29 Aug 2024 09:57:13 GMT
server
cloudflare
etag
W/"44d23-1919d9154a8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
cf-ray
8c4d539e5e635902-TXL
expires
Thu, 18 Sep 2025 00:47:46 GMT
f173460.css
www.carsome.my/_nuxt/css/ 		282 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/css/f173460.css
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f49acc815524e0ace8e898028845fe62fcdbca05a34d012b469a4152bef0e99
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
last-modified
Wed, 21 Aug 2024 10:32:22 GMT
server
cloudflare
cf-cache-status
HIT
etag
W/"4685b-191747ea2f0"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
cf-ray
8c4d539e5e665902-TXL
alt-svc
h3=":443"; ma=86400
expires
Thu, 18 Sep 2025 00:47:46 GMT
af4cb84.js
www.carsome.my/_nuxt/ 		951 KB
279 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/af4cb84.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8d2e2667a67f8814ffa08717f990cc58b354afa54656cc7e05bc785bdaeb2d7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
age
165747
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 29 Aug 2024 09:57:14 GMT
server
cloudflare
etag
W/"edbda-1919d915890"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
cf-ray
8c4d539e5e685902-TXL
expires
Thu, 18 Sep 2025 00:47:46 GMT
51b1da7.css
www.carsome.my/_nuxt/css/ 		127 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/css/51b1da7.css
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
056cf0cbd51ef13cb8c90cc633f5d95d98d9ba613f307038dbc7005fb37556dd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
age
165747
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 29 Aug 2024 09:57:13 GMT
server
cloudflare
etag
W/"1fd69-1919d9154a8"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
cf-ray
8c4d539e5e6a5902-TXL
expires
Thu, 18 Sep 2025 00:47:46 GMT
1468251.js
www.carsome.my/_nuxt/ 		1 MB
257 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/1468251.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50338e59dc30ff0168d449f48ad4611ee85c6127c3d9c44697b000d90e4b984c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
age
165747
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 12 Sep 2024 11:12:52 GMT
server
cloudflare
etag
W/"101da2-191e5ef9f20"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
cf-ray
8c4d539e5e6b5902-TXL
expires
Thu, 18 Sep 2025 00:47:46 GMT
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer
https://www.carsome.my/
Origin
https://www.carsome.my
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-encoding
gzip
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
server
cloudflare
etag
W/"2024.6.1"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
8c4d539efb419a18-FRA
logo-carsome.b9420c8.svg
www.carsome.my/_nuxt/img/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.carsome.my/_nuxt/img/logo-carsome.b9420c8.svg
Requested by
Host: www.carsome.my
URL: https://www.carsome.my/_nuxt/css/51b1da7.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26397f0fdf724d56f81b544880d1b414e045af75433bdb0696d883184eeb8935
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/_nuxt/css/51b1da7.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 23 Nov 2023 11:07:20 GMT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
165748
etag
W/"15bd-18bfbdce640"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000
cf-ray
8c4d539fc8705902-TXL
alt-svc
h3=":443"; ma=86400
expires
Thu, 18 Sep 2025 00:47:47 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb544ce53334eaba1b5d4c8c6a303fb3a065b7efc0b2665d4c7465aa0b256406

Request headers

Referer
Origin
https://www.carsome.my
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
error-page.bcba972.svg
www.carsome.my/_nuxt/img/ 		39 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.carsome.my/_nuxt/img/error-page.bcba972.svg
Requested by
Host: www.carsome.my
URL: https://www.carsome.my/_nuxt/css/51b1da7.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2de73ff368da41053c9019deb6d84cc7071301f4aad1abfe96b6605294046f26
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/_nuxt/css/51b1da7.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
last-modified
Thu, 12 Sep 2024 11:12:52 GMT
server
cloudflare
cf-cache-status
HIT
etag
W/"9b74-191e5ef9f20"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000
cf-ray
8c4d539fc8745902-TXL
alt-svc
h3=":443"; ma=86400
expires
Thu, 18 Sep 2025 00:47:47 GMT
footer-logo.7b52e13.svg
www.carsome.my/_nuxt/img/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.carsome.my/_nuxt/img/footer-logo.7b52e13.svg
Requested by
Host: www.carsome.my
URL: https://www.carsome.my/_nuxt/css/51b1da7.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29acc0c824e522523519edcf3f78875b24cd29939bac647d18e020c7b63675dc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/_nuxt/css/51b1da7.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
age
165748
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 21 Aug 2024 10:32:22 GMT
server
cloudflare
etag
W/"1577-191747ea2f0"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000
cf-ray
8c4d539fc8755902-TXL
expires
Thu, 18 Sep 2025 00:47:47 GMT
Roboto-Bold.2b0452b.woff2
www.carsome.my/_nuxt/fonts/ 		63 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/fonts/Roboto-Bold.2b0452b.woff2
Requested by
Host: www.carsome.my
URL: https://www.carsome.my/_nuxt/css/51b1da7.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ba1d158b3dfd5936e9793954401c547a2a96ec7fd25c2c80ce2f22b7cb90545
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/_nuxt/css/51b1da7.css
Origin
https://www.carsome.my
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
age
165748
alt-svc
h3=":443"; ma=86400
content-length
64532
last-modified
Wed, 21 Aug 2024 10:32:22 GMT
server
cloudflare
etag
W/"fc14-191747ea2f0"
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8c4d539fd8855902-TXL
expires
Thu, 18 Sep 2025 00:47:47 GMT
Roboto-Regular.0cf6569.woff2
www.carsome.my/_nuxt/fonts/ 		63 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/_nuxt/fonts/Roboto-Regular.0cf6569.woff2
Requested by
Host: www.carsome.my
URL: https://www.carsome.my/_nuxt/css/51b1da7.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b9f4b6894c43b1ad68c54790e1b7d0f3aa0947b3fff960452ea6d8e172b4683
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/_nuxt/css/51b1da7.css
Origin
https://www.carsome.my
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
age
165748
alt-svc
h3=":443"; ma=86400
content-length
64692
last-modified
Thu, 29 Feb 2024 12:46:13 GMT
server
cloudflare
etag
W/"fcb4-18df4e6a608"
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8c4d539fd8875902-TXL
expires
Thu, 18 Sep 2025 00:47:47 GMT
App_App_Gallery_a709f3815d.png
b2c-cdn.carsome.my/cdn-cgi/image/format=auto,quality=40,width=128/Consumer/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b2c-cdn.carsome.my/cdn-cgi/image/format=auto,quality=40,width=128/Consumer/App_App_Gallery_a709f3815d.png
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c9f191e479fc11301aca9300929f1d0c042ed295109c551dae05653d199d78b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc
h3=":443"; ma=86400
content-length
1192
cf-resized
internal=ok/h q=0 n=10+13 c=0+13 v=2024.9.1 l=1192 f=false
last-modified
Mon, 04 Sep 2023 11:19:29 GMT
cf-bgj
imgq:40,h2pri
server
cloudflare
etag
"cfWFF1BDk-MVhpie9bFN7DKqsMHdCDZe7VWgWuzUSsDQ:0fe74a6ee7e72d5420ba9e0297d408f2"
vary
Accept, Accept-Encoding
content-type
image/avif
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8c4d539fe89f5902-TXL
App_App_Store_95f4753364.png
b2c-cdn.carsome.my/cdn-cgi/image/format=auto,quality=40,width=128/Consumer/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b2c-cdn.carsome.my/cdn-cgi/image/format=auto,quality=40,width=128/Consumer/App_App_Store_95f4753364.png
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6cda198fdd25f0e104943de38d43a926c71a7c6ee8c501f3f2a263ac5956112
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc
h3=":443"; ma=86400
content-length
1181
cf-resized
internal=ram/h q=0 n=0+12 c=0+12 v=2024.9.1 l=1181 f=false
last-modified
Mon, 04 Sep 2023 11:19:29 GMT
cf-bgj
imgq:40,h2pri
server
cloudflare
etag
"cfZX-LK409szNQUdpeZlL0pslsHdCDZe7VWgWuzUSsDQ:225cdedc2207bed669e38e81dc85e87c"
vary
Accept, Accept-Encoding
content-type
image/avif
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8c4d539fe8a15902-TXL
App_Google_Play_ea1be9185e.png
b2c-cdn.carsome.my/cdn-cgi/image/format=auto,quality=40,width=128/Consumer/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b2c-cdn.carsome.my/cdn-cgi/image/format=auto,quality=40,width=128/Consumer/App_Google_Play_ea1be9185e.png
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4cba3d51e707f32e99b7c7a527a81399a42fefaebfd80b9ade88c3d56c07c1d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc
h3=":443"; ma=86400
content-length
1180
cf-resized
internal=ok/h q=0 n=20+13 c=0+13 v=2024.9.1 l=1180 f=false
last-modified
Mon, 04 Sep 2023 11:19:30 GMT
cf-bgj
imgq:40,h2pri
server
cloudflare
etag
"cfXSHJVWUDLo0VawmhzJl_RFQFHdCDZe7VWgWuzUSsDQ:7f80a3a5c47790b19e83dc4f751b7b72"
vary
Accept, Accept-Encoding
content-type
image/avif
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8c4d539fe89d5902-TXL
analytics.min.js
cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/ 		103 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my/_nuxt/1468251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee081424572d5bd4d00172cc5ed82801d0b2f63cbf741b093b41a2ea71f355cb

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
lsaRcmd13jNhEMJWGBoR46qPyxQBaBz8
content-encoding
br
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
date
Wed, 18 Sep 2024 00:47:48 GMT
x-amz-cf-pop
FRA60-P10
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 29 Jul 2024 21:04:01 GMT
server
AmazonS3
etag
W/"5ef70affedaae73aac447ea04092de78"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
G0mEyBts3XfrlQkptJCSbQaBJYMF1UG2AQILlNHyv7fKxoh9NmAIqA==
api.js
www.recaptcha.net/recaptcha/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.recaptcha.net/recaptcha/api.js?render=6LejduQhAAAAAJplB52IumC2_E5xKqqR2hZmeZPY
Requested by
Host: www.carsome.my
URL: https://www.carsome.my/_nuxt/1468251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
92b6fd2004a3ea0d6696872a1ad873c89aa55b9363f91bd75a83eca94135ee3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
expires
Wed, 18 Sep 2024 00:47:47 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b66e4c84dcb88f0332325269dfe92459487ff2f2d873f3257df9d707313624de

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
recaptcha__de.js
www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/ 		541 KB
215 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api.js?render=6LejduQhAAAAAJplB52IumC2_E5xKqqR2hZmeZPY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7ad2666cfdc2495ef3849d47ea1144f4a493efffa9aeeb4448e60488aec66d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
Origin
https://www.carsome.my
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:05:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2520
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
219302
x-xss-protection
0
last-modified
Tue, 03 Sep 2024 02:00:38 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 18 Sep 2025 00:05:47 GMT
anchor
www.recaptcha.net/recaptcha/api2/ Frame 9EC7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LejduQhAAAAAJplB52IumC2_E5xKqqR2hZmeZPY&co=aHR0cHM6Ly93d3cuY2Fyc29tZS5teTo0NDM.&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=z8guu1k3820e
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Crd7utqSZfrM6g2LUIOEoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Crd7utqSZfrM6g2LUIOEoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 18 Sep 2024 00:47:47 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
settings
cdn.segment.com/v1/projects/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/ 		26 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2ccd5d9e36724d1a0b16b72f781046396919d4352f9f6dc7c6ba898de2d98c30

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
jNpzQsPgQQdRpVg6NvMrwWOuLv1CVgyY
content-encoding
br
via
1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
date
Wed, 18 Sep 2024 00:18:03 GMT
x-amz-cf-pop
FRA60-P10
age
1786
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 10 Sep 2024 18:55:17 GMT
server
AmazonS3
etag
W/"1e371673531acdcd138d6b5c3f32d0fb"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
A1uJ9tAz4ptvmv617pjM-rvC0iWeNdNQyR1Ylh64B-7s4F8LunsOUg==
ajs-destination.bundle.ed53a26b6edc80c65d73.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 16:03:12 GMT
x-amz-version-id
a92RueFpwWNG4YB0W.6QPKGdauE3iLaV
content-encoding
br
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
age
1068277
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 03 Sep 2024 19:49:17 GMT
server
AmazonS3
etag
W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
6T0GiybRaUhE8Li9xl7oW7UvoqORItbmu4kUQJKswDaUQgxjodJDYA==
schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 16:03:19 GMT
x-amz-version-id
vP0unh.TjiFaIe3QG8FvwWCBqNSPg0tw
content-encoding
br
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
age
1068270
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 03 Sep 2024 19:49:17 GMT
server
AmazonS3
etag
W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
XW96IosSx15fPiAy1eCkC0yEfRgFEuyUcrded5rTAiAe8n2R67FUGQ==
4d7f6070b0e1daea34c5.js
cdn.segment.com/next-integrations/actions/google-analytics-4-web/ 		196 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/actions/google-analytics-4-web/4d7f6070b0e1daea34c5.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5c4d8c00fe14c33a1257d33e8b2e9283e1e2da257ac5fc99508d98a159c916ab

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
aBfvqXVayGMp3HovTOSIZSMxr8AxdmXH
content-encoding
br
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
date
Tue, 17 Sep 2024 03:08:33 GMT
x-amz-cf-pop
FRA60-P10
age
84920
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 26 Aug 2024 16:53:04 GMT
server
AmazonS3
etag
W/"7b9f4c781f47b01327441065a482c3bf"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
e1PileCdw012B3PJaaiz1TETzP_56pZjS_wlUl4DsTUD6IHFVtvRfQ==
2d04d1da143afcea0dd4.js
cdn.segment.com/next-integrations/actions/845/ 		27 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/actions/845/2d04d1da143afcea0dd4.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/actions/google-analytics-4-web/4d7f6070b0e1daea34c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b7e53364e9ce809efb26e4c77588cec41310f5debaa49a003e0be4e0b71adb08

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
dZhbdNXu15gmtS7se1lc5TSjsNvqRg9U
content-encoding
br
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
date
Tue, 17 Sep 2024 02:32:37 GMT
x-amz-cf-pop
FRA60-P10
age
84976
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 26 Aug 2024 16:53:01 GMT
server
AmazonS3
etag
W/"3d84aa516e4818a6f28f1cad3a20212d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
xDfmGnELRGZba4FsuDQVOHuKOZ_ZEiTC6xfV5xvzT3ZbWuJrSAu57Q==
moengage.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/moengage/1.0.8/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/moengage/1.0.8/moengage.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7725d2a5ffa7eeb36483999e23ce69dfc5d53e19792784d60b61fb616d03c268

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 01:02:55 GMT
content-encoding
gzip
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
x-amz-version-id
K6vAxvqNeognid6dLLAprVyAHqxW2Z3J
x-amz-cf-pop
FRA60-P10
age
1035894
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1603
last-modified
Thu, 08 Aug 2024 06:57:15 GMT
server
AmazonS3
etag
"cade70d48ac53f25ecf6bfef4cf37564"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
bJaR546VFugohB0txpgBt6rIrtiq1yLCnEtVhTUTm_OJgpUEK39gew==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f054b3bfb110ccb041427844303cf90a427cbc48359cc21c44670db59c29d18b

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 21:26:15 GMT
content-encoding
gzip
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
x-amz-version-id
vbtUuGLgE_bGefIRrZm13zK2JvpV3bm2
x-amz-cf-pop
FRA60-P10
age
962494
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1337
last-modified
Thu, 08 Aug 2024 06:57:15 GMT
server
AmazonS3
etag
"b0cfd2e8e8967ad708b94773be4834a7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
qlxF83sgBTlXjnQ1sXf4XtYXmGdmaZGrzpOXVmrauN8eiGSh20sqew==
google-tag-manager.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 20:19:08 GMT
content-encoding
gzip
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
x-amz-version-id
bdsEH.0LgrjWd4kHDEZQV0GazYAEKsCs
x-amz-cf-pop
FRA60-P10
age
966521
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1343
last-modified
Thu, 08 Aug 2024 06:57:15 GMT
server
AmazonS3
etag
"a2b1aa1a0e402b1f891c929f94449d47"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
X9CnN00Tfcw4FOAbQLFvjQnN1lOqiRYutOXHsEMKoJyORmm2ZDRDdA==
js
www.googletagmanager.com/gtag/ 		287 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-L3ZY5XJB08
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/actions/845/2d04d1da143afcea0dd4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
726659a1bcd1ec697ba3362c2028630ac7b06baf979ad3af3f1318a7bea0a87f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
100260
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 18 Sep 2024 00:47:48 GMT
commons.a61d7bea37d2de5d4b69.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		70 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-148.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 15 Sep 2024 04:44:59 GMT
content-encoding
gzip
via
1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront)
x-amz-version-id
aAixXKmCEkR1rfYrRzV2.EPYhnGmH0W2
x-amz-cf-pop
FRA60-P10
age
244970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
21911
last-modified
Thu, 08 Aug 2024 06:57:13 GMT
server
AmazonS3
etag
"c467a63b2e7c3a99be423ace649014d8"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
RCKk--WqnLb0VRFD58zXTw3vA3CU-zg2U27_wbK9CPneuUiwYytqaQ==
hotjar-1714604.js
static.hotjar.com/c/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-1714604.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-11.fra56.r.cloudfront.net
Software
/
Resource Hash
8938f72b1d819021b0221e2198ca2f228a1d5099796dc3b5ee809ac38d217fbb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:48 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 e44e0b24e706487eaec6b9e01f2166dc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/2704f9390d52d077d9e7576e2a2e7490
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
VtgRzJ1RSCOatv-pmSZVi8DojMYMrVfCDoRbQHMR7r3vK7u1rNdsQA==
gtm.js
www.googletagmanager.com/ 		426 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b81d4d3cfcdc00464c16e4a7437f24933d842dbc46b7f409058015fe2099dded
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
130285
x-xss-protection
0
pragma
no-cache
server
Google Tag Manager
vary
*
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Jan 1990 00:00:00 GMT
moe_webSdk.min.latest.js
cdn.moengage.com/webpush/ 		255 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.96 , United States, ASN (),
Reverse DNS
server-3-161-82-96.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d49755b0c41eba22a0469362e9b9498e4e01c94281797c9671fd12f8d1757ac7

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 10:45:07 GMT
content-encoding
gzip
via
1.1 59d552fe007f8133d3f016164f2c79aa.cloudfront.net (CloudFront)
last-modified
Thu, 12 Sep 2024 10:45:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
482560
etag
W/"8bd49c7e2312d9a7d1f0495b165eced3"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1209600
x-amz-cf-id
lfvyFNVYmWtL9s35Z8zO17hLeMkA8LUtYlLceXhfnlkMuWSNn4Lo0A==
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-L3ZY5XJB08&gtm=45je4990v867673431za200&_p=1726620468326&_gaz=1&gcd=13l3lPl2l2l1&npa=0&dma_cps=syphamo&dma=1&tag_exp=0&cid=1448060516.1726620469&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1726620468&sct=1&seg=0&dl=https%3A%2F%2Fwww.carsome.my%2F%2Fcarsome%2F-certified&dt=Carsome%20-%20%231%20Online%20Used%20Cars%20Buying%20%26%20Selling%20Platform&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2264
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L3ZY5XJB08
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.carsome.my
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
254 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-L3ZY5XJB08&cid=1448060516.1726620469&gtm=45je4990v867673431za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l2l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L3ZY5XJB08
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.carsome.my
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rul
td.doubleclick.net/td/ga/ Frame 1455 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-L3ZY5XJB08&gacid=1448060516.1726620469&gtm=45je4990v867673431za200&dma=1&dma_cps=syphamo&gcd=13l3lPl2l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=366645300
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L3ZY5XJB08
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 18 Sep 2024 00:47:48 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-L3ZY5XJB08&cid=1448060516.1726620469&gtm=45je4990v867673431za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l2l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1504991499
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:48 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
p
api.segment.io/v1/ 		21 B
174 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.25.147 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-25-147.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.carsome.my
date
Wed, 18 Sep 2024 00:47:49 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
i
api.segment.io/v1/ 		21 B
173 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/i
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.25.147 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-25-147.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.carsome.my
date
Wed, 18 Sep 2024 00:47:49 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
modules.6e8cbd39caed17f0d1c0.js
script.hotjar.com/ 		223 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.6e8cbd39caed17f0d1c0.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1714604.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-54.fra56.r.cloudfront.net
Software
/
Resource Hash
448797aade8c774bb0d8bf418eb7469865095c4e9016fc13095204ba2b6dc3e3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 14:41:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 13140684c599ca32163cf7ec1871cebc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
554802
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56449
last-modified
Wed, 11 Sep 2024 14:40:34 GMT
etag
"92b2dc3a86a608117dd7c4d6660c942b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
A21-aRlxkry66KGoUirmrbBsavN5JBlv7CHD8vbbKd9R8zX7npKA8w==
XY8vspLxLkhZC83qX9tB.js
tags.creativecdn.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.creativecdn.com/XY8vspLxLkhZC83qX9tB.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
a18ebd731b20d7404e2eed45ad15a0e9068ec7c4eb6d95da6727c086e366227d

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Wed, 18 Sep 2024 00:47:48 GMT
content-encoding
gzip
x-accel-date-max
1722729268
x-guploader-uploadid
AHxI1nOld7ekpfXP9NXTbMMyDyBUM6SPDSfBMFp53MQ9XbRo9NhQwefPTyahPQTeD545BXfptDVWjhKinA
x-77-cache
HIT
x-cache
REVALIDATED
x-goog-storage-class
STANDARD
x-guploader-response-body-transformations
gunzipped
x-goog-metageneration
4
x-goog-stored-content-encoding
gzip
x-age
4944
x-accel-date
1726615524
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-77-nzt
EgwBqZb/swGWUBMAAAwB1GY4EQH3dAkAAA
x-accel-expires
@1726623281
x-77-age
4944
last-modified
Tue, 20 Sep 2022 08:41:37 GMT
server
CDN77-Turbo
etag
W/"7dd71e4b922b44d4a1b639cea2047fcd"
x-77-nzt-ray
f88df72e996b6c6f3423ea660c80df3a
vary
Accept-Encoding
x-goog-generation
1663663297192135
content-type
application/javascript
x-goog-hash
crc32c=U/iOdA==, md5=fdceS5IrRNShtjnOogR/zQ==
cache-control
public, max-age=3600
warning
214 UploadServer gunzipped
x-goog-stored-content-length
1741
expires
Sun, 04 Aug 2024 00:14:08 GMT
paths.js
www.icarasia.com/paths/ 		639 B
919 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icarasia.com/paths/paths.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.193.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.193.120.34.bc.googleusercontent.com
Software
/
Resource Hash
766fe7c9b951969f0839626ebf090e6d82a120858a1d5880400d51643bd8d5c5

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:49 GMT
via
1.1 google
last-modified
Wed, 18 Sep 2024 00:47:49 UTC
content-type
application/javascript
cache-control
post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
639
expires
Mon, 16 Sep 2024 00:47:49 UTC
fbevents.js
connect.facebook.net/en_US/ 		225 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 18 Sep 2024 00:47:48 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58953
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=4411, tp=9, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
IFbDrKwNfDNbMoGb79p9Y4yBxSMvanER7qbSFm16PFMnsXov/aDxQ+plQ9N3ErzD8OpAKpDzLU8V3WEeUC7PvA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/ 		49 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 18 Sep 2024 00:47:48 GMT
last-modified
Fri, 06 Sep 2024 21:17:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 98F1AAF6CCFB4ADF84749B7C6E03A594 Ref B: FRA31EDGE0113 Ref C: 2024-09-18T00:47:48Z
etag
"016326a20db1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14305
hqulgahvgb
www.clarity.ms/tag/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/hqulgahvgb?ref=gtm
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ad724000094995e7dd079b98ea9cc0b195f9261f03cea13f6921b71b9e708d4d

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
date
Wed, 18 Sep 2024 00:47:49 GMT
x-azure-ref
20240918T004748Z-185bbb449548zqp24r1qs2vsa0000000070g00000000267c
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
1032
expires
-1
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:48 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-etou8220150-FRA
ytc.js
s.yimg.com/wi/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
aebe8df81ee2ba5bc51e3abc322910ee5122a0ac06edfbcf7a04e1659d17dc9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

ats-carp-promotion
1
date
Wed, 18 Sep 2024 00:46:15 GMT
x-amz-version-id
JRuD6BVFDpXh1T7iUrCVWNpcX_ACBwVG
content-encoding
gzip
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-amz-request-id
F1MRSXJVVX1YP9ET
age
94
x-amz-server-side-encryption
AES256
content-length
6826
x-amz-id-2
dvtbs10nG+EYhWOGPwBfbcx7gDR8yqG0s86CurJw2f3/rqjAn5IVYOVxO64QNXwZWb5mISwqn4c=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Fri, 03 Oct 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Wed, 28 Aug 2024 12:33:10 GMT
server
ATS
etag
"bc033c3a83e1880e480086bf11ac0b0a-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=3600
accept-ranges
bytes
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9K2GCBC77UEJD2HOFGG&lib=ttq
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-196.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8fdd6b989adf1b56d65a61272da49810ddc72852ad79d89308d1185f6dd272cc

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
14ba4256.6479ad50
date
Wed, 18 Sep 2024 00:47:49 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240918004749CB919C32C5B01C4CE1B1-7643BA710A28FFCB-00
x-cache
TCP_MISS from a23-213-160-226.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
x-parent-response-time
114,23.213.160.226
server-timing
cdn-cache; desc=MISS, edge; dur=108, origin; dur=9, inner; dur=4
content-length
2049
pragma
no-cache
server
nginx
x-tt-logid
20240918004749CB919C32C5B01C4CE1B1
x-cache-remote
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
9,23.220.104.20
x-tt-trace-host
0105f3b903c5b53d67435cfcdf98b289adaede6e281afd6769a86a086f9ba65f402a5b1527bc13ffee1bfed021a9dad4c84e4bcdfd7b7c300ff2e87f1c187857aa1e49591b4a174074128a3a1d1d6271c68fff959be55e51f92f3562e0fcc387791ca0d4bd593d28fcc19c0b7ea9218752
expires
Wed, 18 Sep 2024 00:47:49 GMT
754895138689982
connect.facebook.net/signals/config/ 		66 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/754895138689982?v=2.9.167&r=stable&domain=www.carsome.my&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
528876a242a061a0ecd46cd163bb7e13e4143c21ec5b0dbf25d33f6cc947df10
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 18 Sep 2024 00:47:48 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=74, mss=1232, tbw=67081, tp=63, tpl=0, uplat=74, ullat=0
pragma
public
x-fb-debug
sXqbvkUk4oxUJcHW6NGhHn1dUJm2+GI8D4GGGFyuHt7/60WWqcWdMSktZ9MVuae2oD86twc8ZXE/Z+309RfwJg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
1554179071493817
connect.facebook.net/signals/config/ 		256 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1554179071493817?v=2.9.167&r=stable&domain=www.carsome.my&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C192%2C128%2C159%2C191%2C193%2C119%2C153%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C124%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144%2C111
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
afd22659729e5932410fa838edc6a9d3edb31824fbf6e8d049c8c1afddc02e0c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 18 Sep 2024 00:47:49 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=41, rtx=0, c=85, mss=1232, tbw=81081, tp=78, tpl=0, uplat=130, ullat=0
pragma
public
x-fb-debug
NsLth0Tap2rVlsHrsizJ3HsfGOxnKKkZrWAFvli83kSXlaOs01CJmqf93tSq9P6MN/GpIjDYfRLPvL9AmwGLqw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?batch=1&events[0]=id%3D754895138689982%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.carsome.my%252F%252Fcarsome%252F-certified%26rl%3D%26if%3Dfalse%26ts%3D1726620468975%26sw%3D1600%26sh%3D1200%26v%3D2.9.167%26r%3Dstable%26a%3DtmSimo-GTM-WebTemplate%26ec%3D0%26o%3D12318%26fbp%3Dfb.1.1726620468975.766897483686550699%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1726620468796%26coo%3Dfalse%26tm%3D1%26exp%3Df1&rqm=GET
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=2773, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 18 Sep 2024 00:47:49 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=754895138689982&ev=PageView&dl=https%3A%2F%2Fwww.carsome.my%2F%2Fcarsome%2F-certified&rl=&if=false&ts=1726620468975&sw=1600&sh=1200&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=12318&fbp=fb.1.1726620468975.766897483686550699&ler=empty&cdl=API_unavailable&it=1726620468796&coo=false&tm=1&exp=f1&rqm=FGET
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xe8d4fbe253bbcf02","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:5804236416253434","7830:5804236416253434","10853:5804236416253434","41:5804236416253434","8046:5804236416253434"]},"debug_reporting":true,"debug_key":"4341302120448769369"}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Wed, 18 Sep 2024 00:47:49 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7415778446963945244", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=10, mss=1297, tbw=3308, tp=-1, tpl=-1, uplat=131, ullat=0
pragma
no-cache
x-fb-debug
s3NXSNsV532hcE1d2STITCKbwRABQxUVR+9qAmH0n7NJjSrcDS/CNkbnTUyqRRKfV2yvDdIqgdDgJgNfs/d4BQ==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7415778446963945244"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
adsct
t.co/1/i/ 		43 B
629 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1b8dcfe2-a614-47de-9480-a24f373d9c20&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=0de19be7-8ac0-4beb-ac36-b82ee5268ab2&tw_document_href=https%3A%2F%2Fwww.carsome.my%2F%2Fcarsome%2F-certified&tw_iframe_status=0&txn_id=o2593&type=javascript&version=2.3.30
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time
175
date
Wed, 18 Sep 2024 00:47:49 GMT
strict-transport-security
max-age=0
cf-cache-status
DYNAMIC
server
cloudflare tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
86537c8cf296857d
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
c50e125d02f9252ce6bab3b6ae00e81e0f71fa12968540708667269282774c2f
cf-ray
8c4d53abed686a75-TXL
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
725 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1b8dcfe2-a614-47de-9480-a24f373d9c20&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=0de19be7-8ac0-4beb-ac36-b82ee5268ab2&tw_document_href=https%3A%2F%2Fwww.carsome.my%2F%2Fcarsome%2F-certified&tw_iframe_status=0&txn_id=o2593&type=javascript&version=2.3.30
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time
107
date
Wed, 18 Sep 2024 00:47:49 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
30bc212f312194d1
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
4d6e8b2f0cbafe54e89089ab3f5f2fb485fd8db2feb7d4e3cb0e63dcfc79d259
content-length
43
10155285.json
s.yimg.com/wi/config/ 		46 B
705 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/config/10155285.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
3541f53704beeb077fb86250d344d659e666da7d61d408f105adc87659ac87db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:50 GMT
x-amz-version-id
Nf.s3MXOD4kxm79Y11lDAJ09Gyhx_R8D
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-request-id
VQ9R597GQG3HHCK5
age
0
x-amz-server-side-encryption
AES256
content-length
46
x-amz-id-2
hrZFjM28sTOYlbnMkDYx+dVv01xYD+wFH/UNmMjL3BCjXaIBwY2aSwT3EUCnMNFTxEP1j7lAObs4D0wQ44EATDVD0qBpKbjfS6Ax+mAgteQ=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Thu, 23 Oct 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Tue, 17 Sep 2024 21:56:16 GMT
server
ATS
etag
"5732717e15711e5ca6825d322fde7228"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
accept-ranges
bytes
v2
asia.creativecdn.com/tags/
Redirect Chain
  • https://asia.creativecdn.com/tags/v2?type=json
  • https://asia.creativecdn.com/tags/v2?type=json&tc=1
478 B
836 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://asia.creativecdn.com/tags/v2?type=json&tc=1
Protocol
H2
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
547a57ad0edb349ca7df22c201023fa45ce56814e1dbc612b0965b40395fec50

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:50 GMT, Wed, 18 Sep 2024 00:47:50 GMT
content-encoding
gzip
access-control-max-age
3600
vary
Origin
access-control-allow-methods
GET, POST
access-control-allow-origin
https://www.carsome.my
content-type
application/json;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
access-control-allow-credentials
true
content-length
356
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:50 GMT, Wed, 18 Sep 2024 00:47:50 GMT
access-control-max-age
3600
vary
Origin
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
access-control-allow-origin
https://www.carsome.my
access-control-allow-methods
GET, POST
location
https://asia.creativecdn.com/tags/v2?type=json&tc=1
access-control-allow-credentials
true
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
v2
asia.creativecdn.com/tags/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://asia.creativecdn.com/tags/v2?type=json
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.carsome.my
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
https://www.carsome.my
access-control-max-age
3600
content-length
0
date
Wed, 18 Sep 2024 00:47:49 GMT
vary
Origin
56013541.js
bat.bing.com/p/action/ 		370 B
421 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/56013541.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Wed, 18 Sep 2024 00:47:48 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 87DBB589FC07475DA72E94E79F1BEED1 Ref B: FRA31EDGE0113 Ref C: 2024-09-18T00:47:49Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
clarity.js
www.clarity.ms/s/0.7.46/ 		64 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.46/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hqulgahvgb?ref=gtm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4ac65dcc5ed84285cfd19c18f2b715a53f07f708f34198aa96ed8b846a78ef58

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:49 GMT
content-encoding
br
last-modified
Mon, 16 Sep 2024 18:25:17 GMT
etag
W/"0x8DCD67CEA754A65"
vary
Accept-Encoding
x-azure-ref
20240918T004749Z-185bbb449548zqp24r1qs2vsa0000000070g00000000267y
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
5c74139f-501e-0016-5efe-08d80c000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
main.MTcyYmY3Y2UyMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		340 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMQ.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9K2GCBC77UEJD2HOFGG&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-196.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
864072a3229468b4abd5debaf97f3ed17b77f098513c523746cb825ee183e68f

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
6479b25a
date
Wed, 18 Sep 2024 00:47:49 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
2024091417171848D9C2F14813DCBFB828
x-tt-trace-id
00-24091417171848D9C2F14813DCBFB828-7CD7D40D43117618-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-213-160-226.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01d18225dc3ab7c53ee7d09a11b44a2f371084d3e7d1e1561df716353b6b9e5b77cf5fa4093b3164a5abab2437daf5d5ec4cff6e10db3cd159a0e68642acba0b875da8d948d0687367754bc42e20388120a76167c94eb783e733782f9673b82642
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
96574
events
capig.carsome.my/ 		21 B
213 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capig.carsome.my/events
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/1554179071493817?v=2.9.167&r=stable&domain=www.carsome.my&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C192%2C128%2C159%2C191%2C193%2C119%2C153%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C124%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144%2C111
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 18 Sep 2024 00:47:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
server
cloudflare
vary
origin
access-control-allow-origin
https://www.carsome.my
access-control-allow-credentials
true
cf-ray
8c4d53acb9615902-TXL
alt-svc
h3=":443"; ma=86400
content-length
47
/
www.facebook.com/tr/ 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?batch=1&events[0]=id%3D1554179071493817%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.carsome.my%252F%252Fcarsome%252F-certified%26rl%3D%26if%3Dfalse%26ts%3D1726620469187%26sw%3D1600%26sh%3D1200%26v%3D2.9.167%26r%3Dstable%26a%3DtmSimo-GTM-WebTemplate%26ec%3D0%26o%3D12318%26fbp%3Dfb.1.1726620468975.766897483686550699%26ler%3Dempty%26cdl%3DAPI_unavailable%26eid%3Dob3_plugin-set_68ec7c8f67d4cff6e7df062475d49986ae14dc425de24c18cb5ae306522f2837%26it%3D1726620468796%26coo%3Dfalse%26tm%3D1%26exp%3Df3&rqm=GET
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=10, mss=1297, tbw=3161, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 18 Sep 2024 00:47:49 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1554179071493817&ev=PageView&dl=https%3A%2F%2Fwww.carsome.my%2F%2Fcarsome%2F-certified&rl=&if=false&ts=1726620469187&sw=1600&sh=1200&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=12318&fbp=fb.1.1726620468975.766897483686550699&ler=empty&cdl=API_unavailable&eid=ob3_plugin-set_68ec7c8f67d4cff6e7df062475d49986ae14dc425de24c18cb5ae306522f2837&it=1726620468796&coo=false&tm=1&exp=f3&rqm=FGET
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Wed, 18 Sep 2024 00:47:49 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7415778447357378581", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=10, mss=1297, tbw=6455, tp=-1, tpl=-1, uplat=35, ullat=0
pragma
no-cache
x-fb-debug
ihzJgL2Vcyfg8rcWWYItK+MGjxznCWUBsCkDPaSE02UiIylE8MUkYUyOWU2jHdPsm+UcMBa8OMpJ6ZC2zFa/9A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7415778447357378581"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
sp.pl
sp.analytics.yahoo.com/ 		43 B
508 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2018%20Sep%202024%2000%3A47%3A49%20GMT&n=-2d&b=Carsome%20-%20%231%20Online%20Used%20Cars%20Buying%20%26%20Selling%20Platform&.yp=10155285&f=https%3A%2F%2Fwww.carsome.my%2F%2Fcarsome%2F-certified&enc=UTF-8&yv=1.16.5&tagmgr=gtm
Requested by
Host: www.carsome.my
URL: https://www.carsome.my//carsome/-certified
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.171.122.26 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-122-26.eu-west-1.compute.amazonaws.com
Software
ATS/9.1.10.134 /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:49 GMT
via
http/1.1 traffic_server (ApacheTrafficServer/9.1.10.134)
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS/9.1.10.134
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, no-store, private, must-revalidate
accept-ranges
bytes
content-length
43
expires
Wed, 18 Sep 2024 00:47:49 GMT
collect
w.clarity.ms/ 		0
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://w.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.46/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.carsome.my
Date
Wed, 18 Sep 2024 00:47:49 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
pathway.js
paths.carsome.my/paths/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paths.carsome.my/paths/pathway.js?tml_t=&tml_u=&ui=dbbfbbba-46c0-4f32-9c75-e285d4f6f761&host=www.icarasia.com
Requested by
Host: www.icarasia.com
URL: https://www.icarasia.com/paths/paths.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.196.165 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.196.227.35.bc.googleusercontent.com
Software
/
Resource Hash
66f592012af9505e546e3728702e6dcca58734e3ff8209e9d614b97391a056c3

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:49 GMT
via
1.1 google
last-modified
Wed, 18 Sep 2024 00:47:49 UTC
content-type
application/javascript
cache-control
post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 16 Sep 2024 00:47:49 UTC
identify_7bf75739.js
analytics.tiktok.com/i18n/pixel/static/ 		146 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-196.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
6479b676
date
Wed, 18 Sep 2024 00:47:49 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
2024083002252950025D613AEAED5E2E70
x-tt-trace-id
00-24083002252950025D613AEAED5E2E70-5FCAA6CF46C69E27-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-213-160-226.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
0143abac0f4003bd96af5c29253b82c47e8db99c3db24377a0ec0f593a97ff9053ed8bacb2facd45510bd70fd5888da7ef0bb467635bf5910beb0397f1ea6f235de9eceeaeab5dc847218a3c21479232eaedc14dee6e452a6b12499eec72aa4719
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
39330
pixel
analytics.tiktok.com/api/v2/ 		0
882 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-196.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
56937353.6479b677
date
Wed, 18 Sep 2024 00:47:49 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2409180047498E29E34B57BA2F437018-18331E39F3F7159C-00
x-cache
TCP_MISS from a23-213-160-226.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
x-parent-response-time
264,23.213.160.226
server-timing
cdn-cache; desc=MISS, edge; dur=94, origin; dur=176, inner; dur=173
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202409180047498E29E34B57BA2F437018
x-cache-remote
TCP_MISS from a23-220-104-24.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
177,23.220.104.24
x-tt-trace-host
0105f3b903c5b53d67435cfcdf98b289adaede6e281afd6769a86a086f9ba65f40bc15618c3b457d95cacd717bade2f1a56dc94ee7596f292f6a892e8b5f7b8205aa6eb285f36c702dc48fffe11aedbd565d98fbf0a6e7e3b868d827acb27432e759e53e0effcd682b8903ed9613b0a460
access-control-allow-headers
Authorization,*
expires
Wed, 18 Sep 2024 00:47:49 GMT
act
analytics.tiktok.com/api/v2/pixel/ 		0
721 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-196.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
6479b9b3
date
Wed, 18 Sep 2024 00:47:49 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240918004749DC054A34DA2C642C521F-3359091D6D8A0E03-00
x-cache
TCP_MISS from a23-213-160-226.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
server-timing
inner; dur=25, cdn-cache; desc=MISS, edge; dur=11, origin; dur=132
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240918004749DC054A34DA2C642C521F
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
134,23.213.160.226
x-tt-trace-host
0105f3b903c5b53d67435cfcdf98b289adce34800bc950f3b29708b7f54b3e576167d3b5500ad0abd45acf318cfad3c41bb0669320be76718e20dd839fd8f8e1c0eb74466371c23064e0b879b005d21bc0be0ef0107453987f1a8f939c77bc85ba
access-control-allow-headers
Authorization,*
expires
Wed, 18 Sep 2024 00:47:49 GMT
path.js
www.icarasia.com/paths/ 		214 B
414 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icarasia.com/paths/path.js?tml_t=519d8127-1908-4377-ac0c-f1ec3be4dec3&tml_u=&ui=dbbfbbba-46c0-4f32-9c75-e285d4f6f761&host=www.icarasia.com
Requested by
Host: paths.carsome.my
URL: https://paths.carsome.my/paths/pathway.js?tml_t=&tml_u=&ui=dbbfbbba-46c0-4f32-9c75-e285d4f6f761&host=www.icarasia.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.193.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.193.120.34.bc.googleusercontent.com
Software
/
Resource Hash
a45a61e8b900ef57f0bb99b45a1b25ec19d400606481ea6c2880bcd7833e4f4c

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:49 GMT
via
1.1 google
last-modified
Wed, 18 Sep 2024 00:47:49 UTC
content-type
application/javascript
cache-control
post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
214
expires
Mon, 16 Sep 2024 00:47:49 UTC
resizeimage.ashx
logo.page-source.com/ 		0
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.page-source.com/resizeimage.ashx?ig=www.carsome.my&sz=215401
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.89.234.134 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ns31195920.ip-51-89-234.eu
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:49 GMT
cache-control
private
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-length
0
content-type
text/plain
websdksettings
sdk-01.moengage.com/v2/ 		3 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/websdksettings?app_id=G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
617f3ac8a505e5705e3b094ddccd810ddb27b0ffc7e64c0cfd7a0036ed102ff9

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:50 GMT
content-encoding
gzip
via
1.1 c53fb2c65e26830010100e7d773f73ae.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P10
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
X1mkxrQIdBMbLqLR36NOFxrPx-jwM6ujVKVsaraPYVVCIFuuln9oQA==
expires
Wed, 18 Sep 2024 00:47:49 GMT
rum
www.carsome.my/cdn-cgi/ 		0
141 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Wed, 18 Sep 2024 00:47:50 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://www.carsome.my
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
8c4d53b2a96a5902-TXL
favicon.ico
www.carsome.my/ 		4 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.carsome.my/favicon.ico?v=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.224 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e33741fdf4dbb1d2ac7c2cf9df74f72e9982cca3be9e029b4d756c44d0b229c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.carsome.my//carsome/-certified
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 18 Sep 2024 00:47:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
last-modified
Thu, 12 Sep 2024 11:06:33 GMT
server
cloudflare
cf-cache-status
MISS
etag
W/"10be-191e5e9d6a8"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public, max-age=14400
cf-ray
8c4d53b2a9725902-TXL
alt-svc
h3=":443"; ma=86400
expires
Wed, 18 Sep 2024 04:47:50 GMT
v2
asia.creativecdn.com/tags/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://asia.creativecdn.com/tags/v2?type=json&tc=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.carsome.my
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
https://www.carsome.my
access-control-max-age
3600
content-length
0
date
Wed, 18 Sep 2024 00:47:50 GMT
vary
Origin
G85KQ0PGKVRZR1DW1I6F6404
sdk-01.moengage.com/v3/sdkconfig/web/ 		427 B
737 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v3/sdkconfig/web/G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
4b633cadf24550e3316d8d7fa45616d62793d14a23e738215edcaa793b2b3bd0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 18 Sep 2024 00:47:50 GMT
content-encoding
gzip
via
1.1 c53fb2c65e26830010100e7d773f73ae.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P10
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Zk5T7F-uBZdn7qjO-nGna9p48BhnAyYUa3Fch8G_1rAWdbfEliDHRg==
expires
Wed, 18 Sep 2024 00:47:49 GMT
ig-membership
asia.creativecdn.com/ Frame F538 		0
0
topics-membership
asia.creativecdn.com/ Frame 5462 		0
0
bounce
ib.adnxs.com/
Redirect Chain
  • https://ib.adnxs.com/setuid?entity=315&code=rU-PZDXnFzUYn0kusueRMtS5DS98pDU3gVrstpDX8-8
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D315%26code%3DrU-PZDXnFzUYn0kusueRMtS5DS98pDU3gVrstpDX8-8
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D315%26code%3DrU-PZDXnFzUYn0kusueRMtS5DS98pDU3gVrstpDX8-8
Protocol
H2
Server
185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:50 GMT
an-x-request-uuid
93f45355-d5f6-4890-9266-2431cad10c56
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
80.255.7.102; 80.255.7.102; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Sep 2024 00:47:50 GMT
an-x-request-uuid
9fc8f7db-9eec-4028-9ab6-0f5fa6badd15
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D315%26code%3DrU-PZDXnFzUYn0kusueRMtS5DS98pDU3gVrstpDX8-8
cache-control
no-store, no-cache, private
x-proxy-origin
80.255.7.102; 80.255.7.102; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
add
sdk-01.moengage.com/v2/device/ 		81 B
587 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/device/add?os=web&os_platform=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F128.0.0.0%20Safari%2F537.36&is_incognito=false&app_id=G85KQ0PGKVRZR1DW1I6F6404&os_ver=Google%20Chrome&sdk_ver=2.44.0&model=Google%20Chrome&app_ver=1.0&device_ts=1726620470649&device_tz_offset=7200000&unique_id=601350f0-bea9-4c49-ae70-d068009cd2e1&device_tz=-120&subscription_type=vapid&vapid_public=BPotnj6hXT7bSe4DGrSYk-g2xsNPzAFm_RsD2pWIoZocViI5WLk0Yqa3LSyOHkAs_AWPEobcpK6svVuVaVQN8-A&url=https%3A%2F%2Fwww.carsome.my%2F%2Fcarsome%2F-certified
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
bb8b86a15c64fd109e4ebecafb8fe461838d1f73f1cb84d87b84da4fee00aae3

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 18 Sep 2024 00:47:50 GMT
content-encoding
gzip
via
1.1 c53fb2c65e26830010100e7d773f73ae.cloudfront.net (CloudFront)
moe-request-id
gBmfLEfu
server
nginx
x-amz-cf-pop
FRA56-P10
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
cache-control
no-cache
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
GtpDQQi6DqeUHS7n5mHFHLVa0bVYmnH2Zkrr1VyExdb4AsLWwFfGYA==
expires
Wed, 18 Sep 2024 00:47:49 GMT
G85KQ0PGKVRZR1DW1I6F6404
sdk-01.moengage.com/v2/sdk/report/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/sdk/report/G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=utf-8

Response headers
G85KQ0PGKVRZR1DW1I6F6404
sdk-01.moengage.com/v2/sdk/report/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/sdk/report/G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=utf-8

Response headers
G85KQ0PGKVRZR1DW1I6F6404
sdk-01.moengage.com/v2/sdk/report/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/sdk/report/G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=utf-8

Response headers
G85KQ0PGKVRZR1DW1I6F6404
sdk-01.moengage.com/v2/sdk/report/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/sdk/report/G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=utf-8

Response headers
live
sdk-01.moengage.com/v3/campaigns/inapp/ 		0
0
live
sdk-01.moengage.com/v3/campaigns/inapp/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v3/campaigns/inapp/live?sdk_ver=2.44.0&unique_id=601350f0-bea9-4c49-ae70-d068009cd2e1&os=web
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,moe-appkey
Access-Control-Request-Method
POST
Origin
https://www.carsome.my
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT, User-Agent, X-Requested-With, If-Modified-Since,Cache-Control, Content-Type, Range, MOE-DBNAME, MOE-APPKEY,MOE-REQUEST-ID, MOE-UNIQUE-ID, MOE-APPSECRET, MOE-INAPP-BATCH-ID, MOE-DASHBOARD-USER-ID
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, PATCH
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Wed, 18 Sep 2024 00:47:51 GMT
moe-request-id
BWCFsrgz
server
nginx
via
1.1 c53fb2c65e26830010100e7d773f73ae.cloudfront.net (CloudFront)
x-amz-cf-id
3QXofsLrGJkzclzb8qvUTdB77KUe4dxvRK7Lpzb0XzjuHyALbUg7jA==
x-amz-cf-pop
FRA56-P10
x-cache
Miss from cloudfront
G85KQ0PGKVRZR1DW1I6F6404
sdk-01.moengage.com/v2/sdk/report/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/sdk/report/G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=utf-8

Response headers
G85KQ0PGKVRZR1DW1I6F6404
sdk-01.moengage.com/v2/sdk/report/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://sdk-01.moengage.com/v2/sdk/report/G85KQ0PGKVRZR1DW1I6F6404
Requested by
Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:3400:1b:c0b3:adc0:93a1 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=utf-8

Response headers
collect
w.clarity.ms/ 		0
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://w.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.46/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.carsome.my/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.carsome.my
Date
Wed, 18 Sep 2024 00:47:51 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
asia.creativecdn.com
URL
https://asia.creativecdn.com/ig-membership?ntk=37j-B4oJAIt_9zTL3zUQPiWuSb6y7Sei7GIxZZ9CMtV34495-uRm8dt1HkwDWtmxZs95RRtUVyGiwCIJ6rVeS2pyqNAm4YL9fWVjbl7rOtc
Domain
asia.creativecdn.com
URL
https://asia.creativecdn.com/topics-membership?ntk=eLUZdotD5P1lLU_4iGIdftiolLx3vZdETn4LYsZpYrPk6bnG44weDq0WzYaNkAmFUKGNROibmPetp_pn5bW1t5bPRgLj4ofcwnObymuuaHE
Domain
sdk-01.moengage.com
URL
https://sdk-01.moengage.com/v3/campaigns/inapp/live?sdk_ver=2.44.0&unique_id=601350f0-bea9-4c49-ae70-d068009cd2e1&os=web

Verdicts & Comments Add Verdict or Comment

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| dataLayer number| nowTime number| utm_expires object| obj_queryString function| clear_localstorage object| __NUXT__ function| resizecarsomeb function| resizecarsomeh function| resizecarsomea object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| analytics object| Amplitude object| userData object| $nuxt function| recaptchaSuccessCallback function| recaptchaExpiredCallback function| recaptchaErrorCallback object| __cfBeacon object| default_gsi object| _F_toggles object| google object| closure_lm_849005 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_181240 object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| webpackChunkDestination function| google-analytics-4-webDestination function| gtag object| hotjarDeps function| hotjarLoader object| google-tag-managerDeps function| google-tag-managerLoader object| moengageDeps function| moengageLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| google-tag-managerIntegration function| moengageIntegration string| moengage_object object| moengage_q function| moe object| google_tag_manager object| google_tag_data object| gaGlobal function| moeOnsite object| moeInternals object| MoeOsm string| moeBannerText function| MoengagePageEventHistoryManager function| Moengage object| hjSiteSettings object| hjLazyModules function| hjBootstrap object| hjBootstrapCalled function| postscribe object| google_tag_manager_external number| pv object| rtbhEvents function| tmlPush function| gaPush function| fbq function| _fbq object| _fbq_gtm_ids function| clarity function| twq object| dotq number| cookie_expiry string| gtmEnv string| TiktokAnalyticsObject object| ttq object| twttr object| YAHOO function| UET function| UET_init function| UET_push object| ueto_b7d4efa675 object| uetq object| tmlD string| pathD object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| tmlDv object| tml object| tmlDf function| normalize

33 Cookies

Domain/Path Name / Value
.carsome.my/ Name: amp_4b05bb
Value: bw9-8d-Zczpf8f1Nuv7XQS...1i819j010.1i819j010.0.0.0
.carsome.my/ Name: ajs_anonymous_id
Value: 74c187e5-4e93-4c85-bc9e-c87d7b2754ca
.carsome.my/ Name: _ga
Value: GA1.1.1448060516.1726620469
.carsome.my/ Name: _gcl_au
Value: 1.1.128324288.1726620469
.carsome.my/ Name: _ga_L3ZY5XJB08
Value: GS1.1.1726620468.1.1.1726620468.60.0.0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.carsome.my/ Name: _hjSessionUser_1714604
Value: eyJpZCI6Ijk1NDEzNzczLTA3Y2EtNTA1NS04Zjk0LTVjNjllNTA4Y2I1NCIsImNyZWF0ZWQiOjE3MjY2MjA0Njg4MzEsImV4aXN0aW5nIjpmYWxzZX0=
.carsome.my/ Name: _hjSession_1714604
Value: eyJpZCI6IjJkMmM1ZmYwLTIyZTctNGY3My05Y2U5LWExYmQ4OTU3ZGY1MiIsImMiOjE3MjY2MjA0Njg4MzEsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.carsome.my/ Name: _fbp
Value: fb.1.1726620468975.766897483686550699
www.carsome.my/ Name: __rtbh.uid
Value: %7B%22eventType%22%3A%22uid%22%2C%22id%22%3A%22unknown%22%7D
www.carsome.my/ Name: __rtbh.lid
Value: %7B%22eventType%22%3A%22lid%22%2C%22id%22%3A%22q5bTAmVKmfDZWHhqDRDs%22%7D
.tiktok.com/ Name: _ttp
Value: 2mDoNhc0I58YmcBCjLtMVsosHDI
.twitter.com/ Name: guest_id_marketing
Value: v1%3A172662046918548410
.twitter.com/ Name: guest_id_ads
Value: v1%3A172662046918548410
.twitter.com/ Name: personalization_id
Value: "v1_BQSzcd3PEFMdR4OaXKeDEg=="
.twitter.com/ Name: guest_id
Value: v1%3A172662046918548410
.t.co/ Name: muc_ads
Value: 656ea860-9d0c-4cdd-a808-43813b1fb826
.t.co/ Name: __cf_bm
Value: FJsG9O4y3O_XdntRgPBvvjLaF1SxB.kRibMm9zNfdjs-1726620469-1.0.1.1-7h1zNthgcOvVlCBAI_NSTXFvirwKIF0Fa5mrg0W.jfJsuwuNDjwAL2ItvefbzqG6VXEWXrnBx4hbxIp7BL8kPQ
.carsome.my/ Name: _tt_enable_cookie
Value: 1
.carsome.my/ Name: _ttp
Value: mG5CNHGPAVmhQSKkCqLLPJ0crAW
.carsome.my/ Name: tml_s
Value: 65804ed8-af38-476f-a798-606383a1f634
.carsome.my/ Name: tml_t
Value: 519d8127-1908-4377-ac0c-f1ec3be4dec3
.www.icarasia.com/ Name: tml_t
Value: 519d8127-1908-4377-ac0c-f1ec3be4dec3
.creativecdn.com/ Name: g
Value: 0iOMxid88to1t4ZoWcWr_1726620470140
.creativecdn.com/ Name: c
Value: 0iOMxid88to1t4ZoWcWr_XY8vspLxLkhZC83qX9tB_1726620470140
.creativecdn.com/ Name: ts
Value: 1726620470
.creativecdn.com/ Name: ar_debug
Value: 1
.carsome.my/ Name: moe_uuid
Value: 601350f0-bea9-4c49-ae70-d068009cd2e1
.adnxs.com/ Name: XANDR_PANID
Value: Lsxfj_zoJA11iv0yTiqSue9EnyKaUJvpLd_ImAAeZyyQEpVgChXgeMDWKS2YjikRE0q18l8VZlwRqPqA1SC_3vnaruWRXu85nMfVj3FKQf0.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 8900871735786687635
.adnxs.com/ Name: anj
Value: dTM7k!M4/rD>6NRF']wIg2ImMpQjUI!@wnfH1YbZRGH!W=AqXS5c%9m/4!ED4h!F#b@t*+5=@9Tk`Q8#iaAR)j5XYr[7<^A0/R#$9AEUU*$1Gj*bpRz*qF1`*b_g9->x75
.carsome.my/ Name: __cf_bm
Value: HrkfiIOVBiuJxtq_aYL8OfKh7IWQ9ojo9y6oWsmhlVM-1726620470-1.0.1.1-ymHFvCEy_ZxSWNNMG_Z3zYy_aYBSM58ne4rmZJm__oqVtJ1Tp.cQi0xk3BmDGr1xmH6RntSIARQaAU8AShsOMg

72 Console Messages

Source Level URL
Text
network error URL: https://www.carsome.my//carsome/-certified
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://www.carsome.my//carsome/-certified
Message:
[Report Only] Refused to load the script 'https://accounts.google.com/gsi/client' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified(Line 10)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-DrRB93mB/cfs/2T2D7/ofNjKcE43PQyH3iS+tMd6tRo='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.carsome.my//carsome/-certified(Line 11)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-7Ds5ZIgyV8CeGLTPkTNk3ZN8iVDm13KUBVkilMEMDbg='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.carsome.my//carsome/-certified(Line 12)
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/4ca52c7.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified(Line 12)
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/424a1ae.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified(Line 12)
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/af4cb84.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified(Line 12)
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/1468251.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified(Line 80)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-umFAkUjgmjJwUIaeqGVdpO5+z2YTnpNaJeWAhdIvxRg='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.carsome.my//carsome/-certified
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/4ca52c7.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/424a1ae.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/af4cb84.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified
Message:
[Report Only] Refused to load the script 'https://www.carsome.my/_nuxt/1468251.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my//carsome/-certified(Line 82)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-SohzW76ViUI4E3Eez+AGO/SasUFQjb0I7KRUVcqNDuE='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.carsome.my//carsome/-certified
Message:
[Report Only] Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my/_nuxt/1468251.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.carsome.my/_nuxt/1468251.js
Message:
[Report Only] Refused to load the script 'https://www.recaptcha.net/recaptcha/api.js?render=6LejduQhAAAAAJplB52IumC2_E5xKqqR2hZmeZPY' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.recaptcha.net/recaptcha/api.js?render=6LejduQhAAAAAJplB52IumC2_E5xKqqR2hZmeZPY
Message:
[Report Only] Refused to load the script 'https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/next-integrations/actions/google-analytics-4-web/4d7f6070b0e1daea34c5.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/next-integrations/actions/google-analytics-4-web/4d7f6070b0e1daea34c5.js(Line 6)
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/next-integrations/actions/845/2d04d1da143afcea0dd4.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/next-integrations/integrations/moengage/1.0.8/moengage.dynamic.js.gz' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/next-integrations/actions/845/2d04d1da143afcea0dd4.js
Message:
[Report Only] Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-L3ZY5XJB08' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/analytics.js/v1/yw2MHCYONQzqKLKbMuDbNLC1chd5icci/analytics.min.js
Message:
[Report Only] Refused to load the script 'https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Message:
[Report Only] Refused to load the script 'https://static.hotjar.com/c/hotjar-1714604.js?sv=6' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Message:
[Report Only] Refused to load the script 'https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Message:
[Report Only] Refused to load the script 'https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://static.hotjar.com/c/hotjar-1714604.js?sv=6(Line 2)
Message:
[Report Only] Refused to load the script 'https://script.hotjar.com/modules.6e8cbd39caed17f0d1c0.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-up4JlL9lAK65TfdPoOorhenSOCaBv08Ygqq8/lUWewE='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-PCdElB1gxVkqyX74oiwaxYtvSwaqmQLVr5lwbA4nEL8='), or a nonce ('nonce-...') is required to enable inline execution.
security error
Message:
[Report Only] Refused to load the script 'https://tags.creativecdn.com/XY8vspLxLkhZC83qX9tB.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-0D4RItZttz3rHQ1b2XTZldlqyyKevP2+FwXtH9Fz/Xc='), or a nonce ('nonce-...') is required to enable inline execution.
security error
Message:
[Report Only] Refused to load the script 'https://www.icarasia.com/paths/paths.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 221)
Message:
[Report Only] Refused to load the script 'https://connect.facebook.net/en_US/fbevents.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 221)
Message:
[Report Only] Refused to load the script 'https://bat.bing.com/bat.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 221)
Message:
[Report Only] Refused to load the script 'https://www.clarity.ms/tag/hqulgahvgb?ref=gtm' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 221)
Message:
[Report Only] Refused to load the script 'https://static.ads-twitter.com/uwt.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-oaxscFTbdpeNAxPeZX5mcyrrtlWcmNYzx4Z27KbnAv8='), or a nonce ('nonce-...') is required to enable inline execution.
security error
Message:
[Report Only] Refused to load the script 'https://s.yimg.com/wi/ytc.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-HQ/BvB3xe/e8XrHDs7/eKAslJM21ozORHQQqSf+rRS4='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-3H8iBhgG9x6K2FQ0QYRAQVvtJKBf1D+30yvVcex17Jc='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-CjjnDMzty+GOa55I1JbRPDK/sSi0egTji5c73XXICSM='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-T3L5T5Fj7seWRZAhG5mD1x9tPAJm4io1ej0iJpBLLUw='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 703)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-thRcFatIjbe2ZWHMRhvyYMWNRpgvyyc0+7lVaE7ru9Y='), or a nonce ('nonce-...') is required to enable inline execution.
security error (Line 1)
Message:
[Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9K2GCBC77UEJD2HOFGG&lib=ttq' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security error URL: https://connect.facebook.net/en_US/fbevents.js(Line 125)
Message:
[Report Only] Refused to load the script 'https://connect.facebook.net/signals/config/754895138689982?v=2.9.167&r=stable&domain=www.carsome.my&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://connect.facebook.net/en_US/fbevents.js(Line 125)
Message:
[Report Only] Refused to load the script 'https://connect.facebook.net/signals/config/1554179071493817?v=2.9.167&r=stable&domain=www.carsome.my&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C13...2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C192%2C128%2C159%2C191%2C193%2C119%2C153%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C124%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144%2C111' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://bat.bing.com/bat.js
Message:
[Report Only] Refused to load the script 'https://bat.bing.com/p/action/56013541.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.clarity.ms/tag/hqulgahvgb?ref=gtm
Message:
[Report Only] Refused to load the script 'https://www.clarity.ms/s/0.7.46/clarity.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9K2GCBC77UEJD2HOFGG&lib=ttq(Line 3)
Message:
[Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMQ.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.icarasia.com/paths/paths.js(Line 2)
Message:
[Report Only] Refused to load the script 'https://paths.carsome.my/paths/pathway.js?tml_t=&tml_u=&ui=dbbfbbba-46c0-4f32-9c75-e285d4f6f761&host=www.icarasia.com' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMQ.js(Line 1)
Message:
[Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://paths.carsome.my/paths/pathway.js?tml_t=&tml_u=&ui=dbbfbbba-46c0-4f32-9c75-e285d4f6f761&host=www.icarasia.com(Line 2)
Message:
[Report Only] Refused to load the script 'https://www.icarasia.com/paths/path.js?tml_t=519d8127-1908-4377-ac0c-f1ec3be4dec3&tml_u=&ui=dbbfbbba-46c0-4f32-9c75-e285d4f6f761&host=www.icarasia.com' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQ2DV6F&l=dataLayer&gtm_preview=env-1&gtm_auth=3aLfN5qLGAl7jHQrGMe66Q(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
network error URL: https://capig.carsome.my/events
Message:
Failed to load resource: the server responded with a status of 500 ()
security error URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js(Line 1)
Message:
[Report Only] Refused to create a worker from 'https://www.carsome.my/serviceworker.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js(Line 1)
Message:
[Report Only] Refused to create a worker from 'https://www.carsome.my/serviceworker.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
analytics.tiktok.com
analytics.twitter.com
api.segment.io
asia.creativecdn.com
b2c-cdn.carsome.my
bat.bing.com
capig.carsome.my
cdn.moengage.com
cdn.segment.com
connect.facebook.net
ib.adnxs.com
logo.page-source.com
paths.carsome.my
region1.analytics.google.com
s.yimg.com
script.hotjar.com
sdk-01.moengage.com
sp.analytics.yahoo.com
static.ads-twitter.com
static.cloudflareinsights.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tags.creativecdn.com
td.doubleclick.net
w.clarity.ms
www.carsome.my
www.clarity.ms
www.facebook.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.icarasia.com
www.recaptcha.net
asia.creativecdn.com
sdk-01.moengage.com
103.132.192.30
104.18.24.224
104.244.42.195
13.32.27.54
13.35.58.148
146.75.120.157
157.240.0.6
172.217.18.3
172.66.0.227
18.66.102.11
185.89.210.90
2001:4860:4802:32::36
23.213.161.196
23.96.124.156
2600:9000:26e8:3400:1b:c0b3:adc0:93a1
2606:4700::6810:4f49
2620:1ec:33::10
2620:1ec:bdf::45
2a00:1288:80:807::1
2a00:1450:4001:800::2003
2a00:1450:4001:810::2002
2a00:1450:4001:812::2008
2a00:1450:4001:81d::2003
2a00:1450:400c:c00::9d
2a00:1450:400c:c09::54
2a02:6ea0:c700::18
2a03:2880:f177:185:face:b00c:0:25de
3.161.82.96
34.120.193.242
35.227.196.165
51.89.234.134
54.171.122.26
54.203.25.147
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
056cf0cbd51ef13cb8c90cc633f5d95d98d9ba613f307038dbc7005fb37556dd
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
139c1eb72a4ca975baafbaee2500adec67a0e0105366b0892f2f5bea20deec30
1ba1d158b3dfd5936e9793954401c547a2a96ec7fd25c2c80ce2f22b7cb90545
26397f0fdf724d56f81b544880d1b414e045af75433bdb0696d883184eeb8935
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
29acc0c824e522523519edcf3f78875b24cd29939bac647d18e020c7b63675dc
2ccd5d9e36724d1a0b16b72f781046396919d4352f9f6dc7c6ba898de2d98c30
2de73ff368da41053c9019deb6d84cc7071301f4aad1abfe96b6605294046f26
2f49acc815524e0ace8e898028845fe62fcdbca05a34d012b469a4152bef0e99
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
3541f53704beeb077fb86250d344d659e666da7d61d408f105adc87659ac87db
3e33741fdf4dbb1d2ac7c2cf9df74f72e9982cca3be9e029b4d756c44d0b229c
448797aade8c774bb0d8bf418eb7469865095c4e9016fc13095204ba2b6dc3e3
4ac65dcc5ed84285cfd19c18f2b715a53f07f708f34198aa96ed8b846a78ef58
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b633cadf24550e3316d8d7fa45616d62793d14a23e738215edcaa793b2b3bd0
4b9f4b6894c43b1ad68c54790e1b7d0f3aa0947b3fff960452ea6d8e172b4683
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
50338e59dc30ff0168d449f48ad4611ee85c6127c3d9c44697b000d90e4b984c
528876a242a061a0ecd46cd163bb7e13e4143c21ec5b0dbf25d33f6cc947df10
547a57ad0edb349ca7df22c201023fa45ce56814e1dbc612b0965b40395fec50
5c4d8c00fe14c33a1257d33e8b2e9283e1e2da257ac5fc99508d98a159c916ab
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
617f3ac8a505e5705e3b094ddccd810ddb27b0ffc7e64c0cfd7a0036ed102ff9
637caf9bc12ecd4e62fe94aaf283b0ec90fb43b6f907e6f54f85bc11b5420eea
66f592012af9505e546e3728702e6dcca58734e3ff8209e9d614b97391a056c3
6c9f191e479fc11301aca9300929f1d0c042ed295109c551dae05653d199d78b
726659a1bcd1ec697ba3362c2028630ac7b06baf979ad3af3f1318a7bea0a87f
766fe7c9b951969f0839626ebf090e6d82a120858a1d5880400d51643bd8d5c5
7725d2a5ffa7eeb36483999e23ce69dfc5d53e19792784d60b61fb616d03c268
79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4
848a01c97f3c1de5de1dc7fd45e1b8b1b588fccfb8cfbaf1f306580301d23936
864072a3229468b4abd5debaf97f3ed17b77f098513c523746cb825ee183e68f
8938f72b1d819021b0221e2198ca2f228a1d5099796dc3b5ee809ac38d217fbb
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8fdd6b989adf1b56d65a61272da49810ddc72852ad79d89308d1185f6dd272cc
92b6fd2004a3ea0d6696872a1ad873c89aa55b9363f91bd75a83eca94135ee3f
93e36b3ed3b372c9ba461a362092e5490ba1d6d758fbe04bebb217aebc5eadc4
9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c
a18ebd731b20d7404e2eed45ad15a0e9068ec7c4eb6d95da6727c086e366227d
a45a61e8b900ef57f0bb99b45a1b25ec19d400606481ea6c2880bcd7833e4f4c
a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c
a7ad2666cfdc2495ef3849d47ea1144f4a493efffa9aeeb4448e60488aec66d3
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad724000094995e7dd079b98ea9cc0b195f9261f03cea13f6921b71b9e708d4d
aebe8df81ee2ba5bc51e3abc322910ee5122a0ac06edfbcf7a04e1659d17dc9c
afd22659729e5932410fa838edc6a9d3edb31824fbf6e8d049c8c1afddc02e0c
b66e4c84dcb88f0332325269dfe92459487ff2f2d873f3257df9d707313624de
b7e53364e9ce809efb26e4c77588cec41310f5debaa49a003e0be4e0b71adb08
b81d4d3cfcdc00464c16e4a7437f24933d842dbc46b7f409058015fe2099dded
bb8b86a15c64fd109e4ebecafb8fe461838d1f73f1cb84d87b84da4fee00aae3
c6cda198fdd25f0e104943de38d43a926c71a7c6ee8c501f3f2a263ac5956112
d49755b0c41eba22a0469362e9b9498e4e01c94281797c9671fd12f8d1757ac7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62
e4cba3d51e707f32e99b7c7a527a81399a42fefaebfd80b9ade88c3d56c07c1d
e8d2e2667a67f8814ffa08717f990cc58b354afa54656cc7e05bc785bdaeb2d7
ee081424572d5bd4d00172cc5ed82801d0b2f63cbf741b093b41a2ea71f355cb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f054b3bfb110ccb041427844303cf90a427cbc48359cc21c44670db59c29d18b
fb544ce53334eaba1b5d4c8c6a303fb3a065b7efc0b2665d4c7465aa0b256406