bareeqal5alij.hewaaya.com Open in urlscan Pro
2606:4700:3032::6815:1530 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bareeqal5alij.hewaaya.com/user/portshape95
Submission: On February 15 via manual (February 15th 2023, 2:59:07 pm UTC) from GB — Scanned from SG

Summary HTTP 91 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 24 IPs in 5 countries across 41 domains to perform 91 HTTP transactions. The main IP is 2606:4700:3032::6815:1530, located in United States and belongs to CLOUDFLARENET, US. The main domain is bareeqal5alij.hewaaya.com. The Cisco Umbrella rank of the primary domain is 771374.
TLS certificate: Issued by GTS CA 1P5 on January 25th 2023. Valid for: 3 months.

This is the only time bareeqal5alij.hewaaya.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	2606:4700:303... 2606:4700:3032::6815:1530	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4003:c06::5f	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4003:c0f::5e	15169 (GOOGLE) (GOOGLE)
9	2404:6800:400... 2404:6800:4003:c05::9c	15169 (GOOGLE) (GOOGLE)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
2	2404:6800:400... 2404:6800:4003:c03::9b	15169 (GOOGLE) (GOOGLE)
4	2404:6800:400... 2404:6800:4003:c11::9d	15169 (GOOGLE) (GOOGLE)
3	2404:6800:400... 2404:6800:4003:c01::84	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4003:c05::68	15169 (GOOGLE) (GOOGLE)
1	149.56.240.31 149.56.240.31	16276 (OVH) (OVH)
3	2606:4700:21:... 2606:4700:21::8d65:780a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.155.68.21 18.155.68.21	16509 (AMAZON-02) (AMAZON-02)
1	13.33.33.57 13.33.33.57	16509 (AMAZON-02) (AMAZON-02)
1	13.33.88.11 13.33.88.11	16509 (AMAZON-02) (AMAZON-02)
1 2	209.191.163.152 209.191.163.152	() ()
3	13.227.254.114 13.227.254.114	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:d3c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	13.228.146.168 13.228.146.168	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:e4:... 2606:4700:e4::ac40:a71f	() ()
1 2	2606:4700:1::... 2606:4700:1::6813:864e	() ()
2 2	67.199.150.81 67.199.150.81	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4 4	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	52.84.251.14 52.84.251.14	() ()
3 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.16.110.154 104.16.110.154	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	106.10.236.147 106.10.236.147	() ()
1 1	52.74.162.2 52.74.162.2	() ()
1 1	103.229.206.240 103.229.206.240	() ()
1 4	54.251.140.206 54.251.140.206	() ()
1 1	74.125.68.155 74.125.68.155	() ()
91	24

15 2606:4700:3032::6815:1530 (United States)

ASN13335 (CLOUDFLARENET, US)

bareeqal5alij.hewaaya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c06::5f (Singapore)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c0f::5e (Singapore)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2404:6800:4003:c05::9c (Singapore)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c03::9b (Singapore)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2404:6800:4003:c11::9d (Singapore)

ASN15169 (GOOGLE, US)

adservice.google.com.sg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4003:c01::84 (Singapore)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c05::68 (Singapore)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.56.240.31 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns534110.ip-149-56-240.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:21::8d65:780a (United States)

ASN13335 (CLOUDFLARENET, US)

e.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.155.68.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-68-21.sin52.r.cloudfront.net

get.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.33.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-33-57.sin2.r.cloudfront.net

onetag-geo.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.88.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-11.sin2.r.cloudfront.net

data-beacons.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.191.163.152 (None, ) 1 redirects

ASN- ()

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.227.254.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-254-114.sin52.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:d3c (United States)

ASN13335 (CLOUDFLARENET, US)

t.dtscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.228.146.168 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e4::ac40:a71f (None, )

ASN- ()

a.dtssrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:1::6813:864e (None, ) 1 redirects

ASN- ()

cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.199.150.81 (Singapore) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.71.131.137 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.251.14 (None, )

ASN- ()

audex.userreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.110.154 (None, )

ASN13335 (CLOUDFLARENET, US)

dmp.truoptik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 106.10.236.147 (None, ) 1 redirects

ASN- ()

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.74.162.2 (None, ) 1 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.206.240 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.251.140.206 (None, ) 1 redirects

ASN- ()

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.68.155 (None, ) 1 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	hewaaya.com bareeqal5alij.hewaaya.com — Cisco Umbrella Rank: 771374	124 KB
11	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 111 tpc.googlesyndication.com — Cisco Umbrella Rank: 144	255 KB
10	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1289 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1029 sync.crwdcntrl.net — Cisco Umbrella Rank: 813	25 KB
5	s-onetag.com get.s-onetag.com — Cisco Umbrella Rank: 4144 onetag-geo.s-onetag.com — Cisco Umbrella Rank: 5165 data-beacons.s-onetag.com — Cisco Umbrella Rank: 13493	14 KB
4	eyeota.net 1 redirects ps.eyeota.net	3 KB
4	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 340	2 KB
3	tapad.com 3 redirects pixel.tapad.com — Cisco Umbrella Rank: 461	1 KB
3	dtscout.com e.dtscout.com — Cisco Umbrella Rank: 16545 t.dtscout.com — Cisco Umbrella Rank: 12955	5 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 85 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net Failed	10 KB
2	yahoo.com 2 redirects cms.analytics.yahoo.com ups.analytics.yahoo.com	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 777	550 B
2	mgid.com 1 redirects cm.mgid.com	547 B
2	lijit.com 1 redirects ap.lijit.com ce.lijit.com Failed	1006 B
2	google.com.sg adservice.google.com.sg — Cisco Umbrella Rank: 23250	696 B
2	histats.com s10.histats.com — Cisco Umbrella Rank: 16883 s4.histats.com — Cisco Umbrella Rank: 13663	5 KB
2	gstatic.com fonts.gstatic.com	43 KB
1	mathtag.com 1 redirects sync.mathtag.com	661 B
1	truoptik.com dmp.truoptik.com — Cisco Umbrella Rank: 2475
1	userreport.com audex.userreport.com	432 B
1	dtssrv.com a.dtssrv.com	461 B
1	dtscdn.com t.dtscdn.com — Cisco Umbrella Rank: 14517	600 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 972	327 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54	950 B
0	simpli.fi Failed um.simpli.fi Failed
0	linkedin.com Failed px.ads.linkedin.com Failed
0	liadm.com Failed i.liadm.com Failed
0	adnxs.com Failed secure.adnxs.com Failed ib.adnxs.com Failed
0	turn.com Failed d.turn.com Failed
0	bluekai.com Failed tags.bluekai.com Failed
0	everesttech.net Failed sync-tm.everesttech.net Failed
0	rubiconproject.com Failed token.rubiconproject.com Failed
0	sitescout.com Failed pixel-sync.sitescout.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	ib-ibi.com Failed global.ib-ibi.com Failed
0	clickagy.com Failed aorta.clickagy.com Failed
0	krxd.net Failed beacon.krxd.net Failed
0	demdex.net Failed dpm.demdex.net Failed
0	rqtrk.eu Failed wt.rqtrk.eu Failed
0	amazon-adsystem.com Failed s.amazon-adsystem.com Failed
0	onaudience.com Failed pixel.onaudience.com Failed
91	41

	Domain	Requested by
15	bareeqal5alij.hewaaya.com	bareeqal5alij.hewaaya.com
8	pagead2.googlesyndication.com	bareeqal5alij.hewaaya.com pagead2.googlesyndication.com tpc.googlesyndication.com
5	sync.crwdcntrl.net	bcp.crwdcntrl.net
4	ps.eyeota.net	1 redirects
4	match.adsrvr.org	4 redirects
3	pixel.tapad.com	3 redirects
3	tags.crwdcntrl.net	e.dtscout.com tags.crwdcntrl.net
3	get.s-onetag.com	e.dtscout.com get.s-onetag.com
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	image6.pubmatic.com	2 redirects
2	cm.mgid.com	1 redirects bcp.crwdcntrl.net
2	bcp.crwdcntrl.net	tags.crwdcntrl.net
2	ap.lijit.com	1 redirects data-beacons.s-onetag.com
2	t.dtscout.com	e.dtscout.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.com.sg	pagead2.googlesyndication.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
1	cm.g.doubleclick.net	bcp.crwdcntrl.net
1	sync.mathtag.com	1 redirects
1	ups.analytics.yahoo.com	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	dmp.truoptik.com	bcp.crwdcntrl.net
1	audex.userreport.com	bcp.crwdcntrl.net
1	a.dtssrv.com	e.dtscout.com
1	t.dtscdn.com	e.dtscout.com
1	data-beacons.s-onetag.com	get.s-onetag.com
1	onetag-geo.s-onetag.com	get.s-onetag.com
1	e.dtscout.com	s4.histats.com
1	s4.histats.com	s10.histats.com
1	www.google.com	tpc.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	s10.histats.com	bareeqal5alij.hewaaya.com
1	fonts.googleapis.com	bareeqal5alij.hewaaya.com
0	ib.adnxs.com Failed
0	ce.lijit.com Failed
0	um.simpli.fi Failed
0	px.ads.linkedin.com Failed
0	i.liadm.com Failed
0	secure.adnxs.com Failed	bcp.crwdcntrl.net
0	d.turn.com Failed	bcp.crwdcntrl.net
0	tags.bluekai.com Failed	bcp.crwdcntrl.net
0	sync-tm.everesttech.net Failed	bcp.crwdcntrl.net
0	token.rubiconproject.com Failed	bcp.crwdcntrl.net
0	pixel-sync.sitescout.com Failed	bcp.crwdcntrl.net
0	sync.srv.stackadapt.com Failed	bcp.crwdcntrl.net
0	global.ib-ibi.com Failed	bcp.crwdcntrl.net
0	aorta.clickagy.com Failed	bcp.crwdcntrl.net
0	beacon.krxd.net Failed	bcp.crwdcntrl.net
0	dpm.demdex.net Failed	bcp.crwdcntrl.net
0	wt.rqtrk.eu Failed	bcp.crwdcntrl.net
0	s.amazon-adsystem.com Failed	bcp.crwdcntrl.net
0	pixel.onaudience.com Failed
91	53

This site contains links to these domains. Also see Links.

Domain
www.q2amarket.com
www.question2answer.org

Subject Issuer	Validity	Valid
*.hewaaya.com GTS CA 1P5	`2023-01-25` - `2023-04-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
histats.com R3	`2022-12-21` - `2023-03-21`	3 months	crt.sh
*.google.com.sg GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.dtscout.com GTS CA 1P5	`2023-01-29` - `2023-04-29`	3 months	crt.sh
*.s-onetag.com Amazon	`2022-12-04` - `2024-01-02`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.dtscdn.com GTS CA 1P5	`2023-01-24` - `2023-04-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-01` - `2023-07-01`	a year	crt.sh
*.userreport.com Amazon	`2022-12-20` - `2024-01-18`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://bareeqal5alij.hewaaya.com/user/portshape95
Frame ID: E83D1BC5BDE1A9C6FA4E0DDA433466E9
Requests: 50 HTTP requests in this frame

Frame: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676462400
Frame ID: DECA764FF2476CDE30577259CAD194C3
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html
Frame ID: 2E2CE175EDAA8B7E2E47D2C9864A623D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8343227950611411&output=html&adk=1812271804&adf=3025194257&lmt=1676473142&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676473142619&bpp=5&bdt=775&idt=82&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7019683834650&frm=20&pv=2&ga_vid=1889697877.1676473143&ga_sid=1676473143&ga_hid=1612612084&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31072259%2C44779793&oid=2&pvsid=1766661976710226&tmod=2133881502&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=103
Frame ID: B5609A70036DF0357E9B91A4783901E9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8C3F84A9ADE7268AA9BB925BB7C1B11B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A72B71508A2D3421E0984E4D85CA2ED8
Requests: 2 HTTP requests in this frame

Frame: https://t.dtscout.com/idg/?su=4C30167647314518588D90BF5B0D49C9
Frame ID: 9A57A29C4C9B7EA089DAC087F52B9F15
Requests: 1 HTTP requests in this frame

Frame: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Frame ID: 9270789A7B658363D6789C0A9A295ED1
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Frame ID: 41823AE48A3225C0F1C5DABE8B2F243E
Requests: 24 HTTP requests in this frame

Frame: https://get.s-onetag.com/underground-sync-portal/Portal.html
Frame ID: B39C38184482BA9A7F1B08B9A75A76F0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

بريق الخليج

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

91
Requests

62 %
HTTPS

40 %
IPv6

41
Domains

53
Subdomains

24
IPs

5
Countries

488 kB
Transfer

1243 kB
Size

37
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://www.q2amarket.com/
Title: Q2A Market

Search URL Search Domain Scan URL

URL: http://www.question2answer.org/
Title: Question2Answer

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://ap.lijit.com/readerinfo/v2 HTTP 307
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true

Request Chain 53

https://cm.mgid.com/m?cdsp=712809&uspString={uspString}&gdpr=0&consentData=&c=c2483e770cd52c0952b862579d79c7f HTTP 307
https://cm.mgid.com/m?c=c2483e770cd52c0952b862579d79c7f&cdsp=712809&consentData=&gdpr=0&uspString=%7BuspString%7D&sct=1

Request Chain 56

https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&rd=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D240%26tp%3DPUBM%26tpid%3D%23PM_USER_ID%26gdpr%3D0 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&rd=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D240%26tp%3DPUBM%26tpid%3D%23PM_USER_ID%26gdpr%3D0&rdf=1 HTTP 302
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=5846E758-C03A-4949-A428-BB1C2B7074F2&gdpr=0

Request Chain 57

https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=e5cf199e-e1e9-41ea-ab99-08985e41b054/gdpr=0/gdpr_consent=

Request Chain 59

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=c2483e770cd52c0952b862579d79c7f&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=LOTAME&partner_device_id=c2483e770cd52c0952b862579d79c7f&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=08baef9d-fd3d-41d5-9d19-51f949b3ea69%252Chttps%25253A%25252F%25252Fsync.crwdcntrl.net%25252Fmap%25252Fc%25253D10158%25252Ftp%25253DTPAD%25252Ftpid%25253D08baef9d-fd3d-41d5-9d19-51f949b3ea69%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=e5cf199e-e1e9-41ea-ab99-08985e41b054&ttd_puid=08baef9d-fd3d-41d5-9d19-51f949b3ea69%2Chttps%253A%252F%252Fsync.crwdcntrl.net%252Fmap%252Fc%253D10158%252Ftp%253DTPAD%252Ftpid%253D08baef9d-fd3d-41d5-9d19-51f949b3ea69%2C HTTP 302
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=08baef9d-fd3d-41d5-9d19-51f949b3ea69

Request Chain 66

https://cms.analytics.yahoo.com/cms?partner_id=LOTME&gdpr=0 HTTP 302
https://ups.analytics.yahoo.com/ups/58736/cms?partner_id=LOTME&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-Se78GNBE2pzTJPFkE4Ube4ONvo53W6jq0cI-~A&gdpr=0

Request Chain 67

https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D%26src=lot%26gdpr%3D0 HTTP 302
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=3a0d63ec-f33b-4f00-87af-166954f6380f&src=lot&gdpr=0

Request Chain 77

https://px.ads.linkedin.com/db_sync?pid=15697&puuid=GKUjBSZHSZ8bLvthTkaA8IWj&rand=74712&pu= HTTP 302
https://px.ads.linkedin.com/db_sync?pid=15697&puuid=GKUjBSZHSZ8bLvthTkaA8IWj&rand=74712&pu=&expected_cookie=88b84a05-fb0d-4477-b833-5638cf3fd329

Request Chain 82

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=GKUjBSZHSZ8bLvthTkaA8IWj/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id} HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=c2483e770cd52c0952b862579d79c7f

Request Chain 83

https://ps.eyeota.net/pixel?pid=51md42u&t=ajs&e_pc=3&e_mr=0 HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=51md42u&t=ajs&e_pc=3&e_mr=0

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmhERHNLeV9wSG9NTDJZNkdGTjJRR2RISDNKYTJqNWpISTdFUEJmTFJESkU&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=51md42u HTTP 302
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=51md42u&google_gid=CAESEDojafJ4SJBBVjRQxLjWSMI&google_cver=1

Request Chain 86

https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://ps.eyeota.net/match?uid=e5cf199e-e1e9-41ea-ab99-08985e41b054&bid=1e2n4ou

91 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request portshape95 Show response
bareeqal5alij.hewaaya.com/user/ 9 KB
4 KB 759ms
728ms Document
text/html 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/user/portshape95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab858303161588e27d5fe3398ab351c122c158810e209238d23399867c6ba6a9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 799ee7abfbfca059-SIN
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 15 Feb 2023 14:59:01 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mugD7IWdzmaqAnCz%2F66GkVr4t8edUd9wWQ0HE%2BSJyqO%2FnjYSEsBKRbxVvqNehIM4D4gq4xsBC8KoN474cGVAEC1qndGHI5MqZUVwH0mSqL9qGKx9epZHydi6NIppznquSzqX8ilfreYbkFzX8xrcYRtJztyDVBVz"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 qa-styles.css
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/ 57 KB
11 KB 38ms
37ms Stylesheet
text/css 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37dc34da0809c1150251a605939830aa9a0bc74d66e8afb335b040f4eb6e7dc2

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/user/portshape95
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 205683
cf-polished: origSize=72433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 12 Jan 2019 22:22:42 GMT
server: cloudflare
etag: W/"5c3a68b2-11af1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hVDdCPnd2RUe44oZ0VykqYtPCzjTwYC1Gpow4kTvRTV1FvJEMbyeVtRROXiJfVdq%2FW1Ejv5TCCk0Bn1Hq2I5jw%2FDTT4MJT1EuNIPGVtt%2BYcTaIRugJGz2ajggyiv9kH3a239GDibmTdmQQvwSM90SOA3petIaEal"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2678400
cf-ray: 799ee7b09b46a059-SIN
expires: Wed, 15 Mar 2023 05:50:58 GMT

GET
H2 200 qa-styles-rtl.css
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/ 6 KB
2 KB 36ms
36ms Stylesheet
text/css 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles-rtl.css?1.8.3
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a0a840d54ebc1a4525af39787c3aa67bdd8a9c75813d0fded90652401dcade5

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/user/portshape95
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 205683
cf-polished: origSize=7514
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 12 Jan 2019 22:22:42 GMT
server: cloudflare
etag: W/"5c3a68b2-1d5a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6dL4jJ%2BrW4cLnYNfh9GTpfk8Gg9dTSmtQEBdrRwTDJXjfZ%2BNdBAHJhQeQwxdaqnQcSWXle%2B6dCpiTRoHEBuUIuwOGmVJVC5KAcyzVvsESVtuQgSS3I6PJCOwiYzsGvA4d%2Fz1%2B7DVnWP0lTn%2Ft2G2ePU%2F08IGG92"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2678400
cf-ray: 799ee7b09b48a059-SIN
expires: Wed, 15 Mar 2023 05:50:58 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
950 B 54ms
9ms Stylesheet
text/css 2404:6800:4003:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap

Requested by

Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c06::5f , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1604d7fd902f76d2b32dfc2bbdd7a6c6fa0184d5b937af08b546f82701ebb287

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 14:59:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Feb 2023 14:59:01 GMT

GET
H2 200 rocket-loader.min.js Show response
bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 24ms
24ms Script
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/user/portshape95
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Feb 2023 11:11:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ecbdcc-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yT1V%2BMp1FPPu8nE8mvhzUGWP7u7BlaA0Asu8egX3IhAQlzBgOtFFEVHRADvtHc54h5NSQD%2FMZl9IalztNT%2B6AE2it6FE9h33bp50V3dbBy%2BYFi9tf8RTvLvo1LtZrrkrnLy3YK3TurOpOlHejd0zkuNQD8bPwqIv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 799ee7b0bb72a059-SIN
expires: Fri, 17 Feb 2023 14:59:01 GMT

GET
H3 200 spinner-icon-14x14.gif
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/images/ 8 KB
8 KB 661ms
661ms Image
image/gif 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
cf-cache-status: MISS
last-modified: Sat, 12 Jan 2019 22:15:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "5c3a66f4-1e65"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ahe8hwtmnIb6UvuR4g6hHZvBD2UXilLeNmQNYllAkNCQWDJaq0ZMAHQfnESI0BGCMoQnSIcMQE6XbwFtvf2JhHFce15F7DrgiesoU3umR1E6%2FzBQU8UI%2FHcQYNsZqS%2FAN%2FOKqwZYp6h9wMkzVIQ7hSMPFHKMT6KO"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 799ee7b0fdb12e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7781
expires: Fri, 17 Mar 2023 14:59:02 GMT

GET
H3 200 fontello.woff
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/fonts/ 7 KB
8 KB 682ms
681ms Font
font/woff 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/fonts/fontello.woff?70015067
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d

Request headers

Referer: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Origin: https://bareeqal5alij.hewaaya.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2016 22:01:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "57968c56-1c20"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j872NsRlheEr8wl2oMZUZmvPi1HliskHvD%2FAou88yplf3icmFE%2BvUo2ooGN0J3lClGgLmZSPWLBj7a9WjiyM4l1OnTdXsu7salNj2p5J1ZuH%2F9t2w%2BYWJckS3pp%2FwWoIhMLo8LnuRpcCzSYi1mEZjn35TjYZ8D5Q"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 799ee7b0fdb42e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7200

GET
H2 200 K2F0fZBRmr9vQ1pHEey6MoiAAhLz.woff2
fonts.gstatic.com/s/elmessiri/v18/ 20 KB
20 KB 18ms
8ms Font
font/woff2 2404:6800:4003:c0f::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/elmessiri/v18/K2F0fZBRmr9vQ1pHEey6MoiAAhLz.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c0f::5e , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d21ea66884a90a9148d3f6e109a6bb1e2bcad851e2a06b46350eb1edefa5a546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bareeqal5alij.hewaaya.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 01:50:38 GMT
x-content-type-options: nosniff
age: 565703
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20108
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 18:08:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 01:50:38 GMT

GET
H2 200 K2F0fZBRmr9vQ1pHEey6Mo2AAg.woff2
fonts.gstatic.com/s/elmessiri/v18/ 23 KB
23 KB 15ms
5ms Font
font/woff2 2404:6800:4003:c0f::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/elmessiri/v18/K2F0fZBRmr9vQ1pHEey6Mo2AAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c0f::5e , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

feafd9234c68a7f1d92fee6ec91b0f37668660b83611bf3e91fa73621f56d58c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bareeqal5alij.hewaaya.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:41:43 GMT
x-content-type-options: nosniff
age: 8238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23296
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 17:51:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 12:41:43 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 54ms
34ms Script
text/javascript 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49c3e6e6e4849e0ba95714c8b7781df8be1a1e762d13ef6a37db9f7643ee5781

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49432
x-xss-protection: 0
server: cafe
etag: 12338886175419982136
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 14:59:01 GMT

GET
H3 200 snow-core.js Show response
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/js/ 2 KB
1 KB 664ms
663ms Script
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/js/snow-core.js?1.8.3
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/user/portshape95
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 12 Jan 2019 22:22:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5c3a68b2-94f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jNawj8us6ewXYxhAtghxVyQqOjg6JMGCFBKf%2BGcFeQAb438PmkPAMLBTRCIhPtL%2BrOqy96wfQzruxaTe%2BZt%2BcZwYTppCVf2U0PAwQ3iI496WNuZUtI6kNtupQb7ncR8hNZjIGITl0Z5ZhNGcJPNSCNJZiVQrL0YT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 799ee7b11dd42e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 17 Mar 2023 14:59:02 GMT

GET
H3 200 qa-global.js Show response
bareeqal5alij.hewaaya.com/qa-content/ 20 KB
6 KB 885ms
882ms Script
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/qa-content/qa-global.js?1.8.3
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/user/portshape95
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 12 Jan 2019 22:22:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5c3a68b2-5046"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FjyFdIfhVTYLmN%2Fiy6%2F8zs%2BhiTcC2M%2BC5W1edyo6KPLNzpwDcW4gm6YoJXKI2fKd3BG668bx%2Fo9Q1NNUjudhAHkXLcyhGOo36PCiNJaTM5hnXEsLgrpNWZrviCYfX%2FIdlZ4VhsJoTwJqzA0Hyfc7nlFCwfowM19%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 799ee7b11dd92e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 17 Mar 2023 14:59:02 GMT

GET
H3 200 jquery-3.3.1.min.js Show response
bareeqal5alij.hewaaya.com/qa-content/ 85 KB
31 KB 1075ms
1074ms Script
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/qa-content/jquery-3.3.1.min.js
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/user/portshape95
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 07 Sep 2021 18:26:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6137aec4-1538f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iKcD2Mgj%2Fx0yPUb3yiKRWdjFEdfV7wtSCVzxTyYzq6A4rAk%2FWAIJjlK7cR9vxxGvvNzbeBfNIMj1nGm0RPaJ1WI4CsNWPVHTvZa98u3j%2BCk%2FPik9WXz%2FIBiUKRyA77oRHgU9EgqR0UOT7rAV3QGNTHMmqJoSzSIl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 799ee7b11ddb2e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 17 Mar 2023 14:59:02 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 39ms
22ms Script
text/javascript 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411

Requested by

Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a61cb5ddd7f5bf71051521a288361c6684188b6d0edc17b3b18b08faa96ea282

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Origin: https://bareeqal5alij.hewaaya.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49606
x-xss-protection: 0
server: cafe
etag: 9043338208363714770
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 14:59:01 GMT

GET
H3 200 invisible.js Show response
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame DECA 34 KB
14 KB 11ms
10ms Script
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676462400
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86781107a5be7c5f83e7be12e3011cb43775fe339fbf390961fee51b5a26e47b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8jdz9Rtsr93ndgqE0TWb3zY9eynYtVLVQfUSc3kg1xlnWXq0YA3qNNBO%2FxLFKHdKoaDWw8i55S%2FzHTovarm1%2BLZ4PyJc50RFliloiNkfODWb0QDO1mALeguBMfCkT4jeD3XomFv83zbsQReDQUpRLLbLtGVBRLE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 799ee7b11ddd2e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame DECA 23 KB
9 KB 21ms
21ms Other
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c3b094d7acb7ea3d2059ef09ebdad6ad642abe2c4b2bba019cd58b18e48c468

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ib54TP1YXv1ktJdC0zlkFPWo3Qrm%2BEOC1Hr0R87ZnlcY5iLXw7rCs3TSgwofXHTrfHBs8hOa8WdalvYf8f54rn7RUm1hZheoJCW44SrZE1aOYKX2OVyRfGrNYY1Y1431w6NRI7OB6GjMbbvKPs93tHvxj8Y3ZG3c"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 799ee7b14e0d2e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 799ee7abfbfca059 Show response
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame DECA 2 B
689 B 34ms
33ms XHR
text/plain 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/799ee7abfbfca059
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676462400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bE%2FUPPRY%2FXhSeMaMkP%2BYbhxzs5a6kqLjyM3a3t3P7cU8%2FNRlWLZG%2Fu1azDHVI%2FHZ%2Bak0AMulqRy19XdkAdW4e832W%2B57R3sNVI%2FpVj6uW10hUOWxJCDhfbKa9zImo9ucCSn6i5rpFcbvaE6MzG4wbkKSvtu%2F1Sp6"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 799ee7b398862e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js15_as.js Show response
s10.histats.com/ 11 KB
4 KB 1280ms
774ms Script
text/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:50:23 GMT
content-encoding: br
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.122.0/26
etag: "-375139978"
content-type: text/javascript
x-cdn-pop: bhs
accept-ranges: bytes
content-length: 4364
x-request-id: 582811965

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/ 366 KB
120 KB 45ms
45ms Script
text/javascript 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfcff55921b21283ccf435c9a4ceae1626c33231ae36ba9ce6d157bba18beddc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123015
x-xss-protection: 0
server: cafe
etag: 2161494908634117189
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 14:59:02 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/ Frame 2E2C 10 KB
5 KB 18ms
4ms Document
text/html 2404:6800:4003:c03::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c03::9b , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

age: 48629
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 01:28:33 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 01:28:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
327 B 15ms
11ms Script
text/javascript 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=bareeqal5alij.hewaaya.com&callback=_gfp_s_&client=ca-pub-8343227950611411

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02c7e37370f5160bfa679f2a619a0967ff3e92721592898747fff4c596ef73bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com.sg/adsid/ 107 B
531 B 29ms
6ms Script
application/javascript 2404:6800:4003:c11::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com.sg/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::9d , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 25ms
9ms Script
application/javascript 2404:6800:4003:c11::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::9d , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 10ms
9ms Image
image/gif 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&tn=DIV&id=ak1231233&ign=false&pw=1600&ph=1200&x=0&y=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B560 13 KB
5 KB 203ms
202ms Document
text/html 2404:6800:4003:c03::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8343227950611411&output=html&adk=1812271804&adf=3025194257&lmt=1676473142&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676473142619&bpp=5&bdt=775&idt=82&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7019683834650&frm=20&pv=2&ga_vid=1889697877.1676473143&ga_sid=1676473143&ga_hid=1612612084&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31072259%2C44779793&oid=2&pvsid=1766661976710226&tmod=2133881502&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=103

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c03::9b , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81aaf8ff047a38837949e05257b0a65293aa0e80afb5745a5bcb635f5d0bd77c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 4887
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:59:02 GMT
expires: Wed, 15 Feb 2023 14:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 invisible.js Show response
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame DECA 34 KB
15 KB 10ms
10ms Script
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676462400
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/portshape95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 678805113db5da6ceb4b2e1ac1791a404c0412965fb3aaccb6ed177739d9b2e8

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWnFOnmeYANJ9OynN6NPiwDnoAlvcajr4T01dM9CjeC9fjMpjiOPjhkvzXFu0Akd2t1Xn0N4qJFYRpv9MIkcWTkY0ueIF2Vf1xZ%2BlGhSRSdLDSDfclaudnWeMwFMmh8wLD1RY746IqVPII5PacayLVPoyvP1NPYT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 799ee7b7fc5c2e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 13ms
12ms XHR
application/json 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230213&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b748dec7659060d2731e4bb83efcc0beaf2cb51e69588966879165fbb3980ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11269
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com.sg/adsid/ 107 B
165 B 14ms
13ms Script
application/javascript 2404:6800:4003:c11::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com.sg/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::9d , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 8ms
7ms Script
application/javascript 2404:6800:4003:c11::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::9d , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 24ms
7ms Script
text/javascript 2404:6800:4003:c01::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::84 , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 14:59:03 GMT

GET
H3 200 pica.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame DECA 22 KB
9 KB 10ms
10ms Other
application/javascript 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fd6768baa128ea520eaf09b0f003ad966a285342f44d848f57588170bfc204a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVQwtIFIuYqNo4YcjfkXN1jSFehd0y7kbAppu6aSgPEG7YLVKwIbTykQG2wriJ42tk7nO3lZbxB3byo8Lok5gkTP6VdYZvK0kZbIVw9Jo6S0Ba2DNpanJzbik4AoGvveF7S1UeDjEMnhUCpglQaE9AqFp%2F5Igmo5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 799ee7b82c8b2e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8C3F 13 KB
5 KB 5ms
4ms Document
text/html 2404:6800:4003:c01::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::84 , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ranges: bytes
age: 420834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 18:05:09 GMT
expires: Sat, 10 Feb 2024 18:05:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A72B 783 B
1 KB 18ms
8ms Document
text/html 2404:6800:4003:c05::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c05::68 , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1f42fd0048fc97038dedb36834fe23462b89f68e458f16730d0724d3df6c438c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7JjkZ2oA5NonAnJ4RMLt_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-7JjkZ2oA5NonAnJ4RMLt_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:59:03 GMT
expires: Wed, 15 Feb 2023 14:59:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js Show response
pagead2.googlesyndication.com/bg/ Frame 8C3F 36 KB
14 KB 5ms
5ms Script
text/javascript 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Feb 2023 14:02:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 262574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14239
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 12 Feb 2024 14:02:49 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A72B 0
0 41ms
40ms Image
text/html 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230213&jk=1766661976710226&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8C3F 0
10 B 4ms
3ms Image
text/plain 2404:6800:4003:c01::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?bSgZUw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4003:c01::84 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 200 799ee7abfbfca059 Show response
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame DECA 2 B
679 B 26ms
25ms XHR
text/plain 2606:4700:3032::6815:1530
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/799ee7abfbfca059
Requested by: Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676462400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1530 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 Feb 2023 14:59:03 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kkB5wYrhlGR7BJY4kSnQNyyuZBsntW8WewDZ2brQA8KHp2KWv459CM%2BRpOzepBggDTHi%2F7tBzQ2wdPHU9DsrgObvxH4pJyBYnUU0yWl6T1b8tW1z2%2FyySBPsUjm3QcVSxvcBgre5jSbFZvn2OGy0XNQYfeAuB0PW"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 799ee7ba2eab2e80-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 10ms
10ms Image
text/html 2404:6800:4003:c05::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230213&jk=1766661976710226&bg=!lZallsLNAAYuhb89DoU7ADkAdvg8Wn-ae_BI1hGGfxL_94BPzP9-hCtZmayj-mwLekNBd6sFOh8pCc5RCJwBdWMo-_xFWsV_hnMCAAAAS1IAAAACaAEHmQKhd-1cHFdnw4rUU1kILXgsFC2aZAitZCsze6wm8VpXvn3ADV_V0MiquwRig7JlKb5zuR1FSYoNSX2TZgZxfXcACg1C_DAw5r3cme_zCaXjVitrzVUZhfzMfASE2hf7QRn5t9yem9xPR8Zx6qzeaYQeKlpHcNV4UR4upSppCqk243K_uE8HBUGljRIMzsLy20Dlfxt0fmFlq3gQ8EHScOZfGysEP5_94tOr37jn5i5ZBTBxwUk8T77OA_Iu6i8Z0QxGLpHB3EojgA5EHHNhsgpNv5A4QkiAV4VYzMJtCK7ypQClk-_mO8L1jOfLhKrab8MH-Dd74qpekWT0n3WForHrlf0YrCKSu2_8J7dZ5YIz32t6FF60bzHbHPPOwxRulZdt5ROgOKXe6sSPdCpqMauDJtOiqZglC9Tpt4zcqeUQhdneEY5ndBGFMdTRjyBEfFioHR0Pljeh-xjguX9HOQB-UwBpBXpAI2rWAZpZEizo7ahoxdvCUBMESkdVzYS5YrBIRaIfk14pJyhyffkgUx6JAijT-7v8s2jjSFDS7_FT5Wel7tmXvSdv4kuB4MhRau45QGRI6aqh9NoFw9bft_zsla45-vPJdiB3EF04tr3PNdeiX5R5eRV1reGOna7QQDXkmhIhot9w_DZ2ON_BEbEE7thxp3wFUdYgdDMMf0blpVJdsFOdHJ-aNVsrisLHP33evqUuiYVEUYTSKRdEjUfT9oz3Z5u6U5GauM_3GiQ0en2yH4A7Ra5ZQbGug_Nh0b_7qbJNuTZDZwHUKzY6kxjkbujNWRPNF3KTE613WAs5JtZ-MpmkUH2D5oNO3De0HYtqsTArse0qOOVaypBzV-OhP3dsb5VCNZjbrnrMUgD9QwuENe6MXtXTLf6G73Z_Di_B2w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4003:c05::9c , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 379 B
514 B 753ms
252ms Script
text/html 149.56.240.31
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?4631733&@f16&@g1&@h1&@i1&@j1676473143889&@k0&@l1&@m%D8%A8%D8%B1%D9%8A%D9%82%20%D8%A7%D9%84%D8%AE%D9%84%D9%8A%D8%AC&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-167676962&@b3:1676473144&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.240.31 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns534110.ip-149-56-240.net
Software: /
Resource Hash: 9efa97a09aa9c7ea4d026f1f3c700e65bb3ae9e2abe1ed54f5f540b85bfac4e4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 14:59:04 GMT
Connection: close
Content-Length: 379
Content-Type: text/html;charset=UTF-8

GET
H2 200 / Show response
e.dtscout.com/e/ 7 KB
4 KB 577ms
550ms Script
application/javascript 2606:4700:21::8d65:780a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&j=
Requested by: Host: s4.histats.com
URL: https://s4.histats.com/stats/0.php?4631733&@f16&@g1&@h1&@i1&@j1676473143889&@k0&@l1&@m%D8%A8%D8%B1%D9%8A%D9%82%20%D8%A7%D9%84%D8%AE%D9%84%D9%8A%D8%AC&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-167676962&@b3:1676473144&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&@w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::8d65:780a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46cf159c7a054ba1e24e6a2183451c3951224ac9c0479e2dee40476e76f36b2a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:05 GMT
x-t: 0.681
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmePLnEfzeqLsx7UWeKVKklXxIlSH2HurLhVJ0j%2BZRb40HxhnzYi47DiadzWeS%2FcERy%2BH7OgS%2F3YEHwsydoYAfFiApZlOIG1YFv95ioSHOcVhiHqTwey6dxREfGWlds4SUCKVA9MeYMLb6I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-cache
x-s: mtl3
cf-ray: 799ee7c239649fb6-SIN
expires: Wed, 15 Feb 2023 14:59:04 GMT

GET
H2 200 / Show response
t.dtscout.com/idg/ Frame 9A57 1 KB
738 B 554ms
546ms Document
text/html 2606:4700:21::8d65:780a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/idg/?su=4C30167647314518588D90BF5B0D49C9
Requested by: Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&j=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::8d65:780a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58428a34061c5d3cda7d934c9e8c01deb571e8a63a87ce33b06740de16a1cb01

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 799ee7c98de19fb6-SIN
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 15 Feb 2023 14:59:06 GMT
expires: Wed, 15 Feb 2023 14:59:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YiiJ9Qr%2BVRn8aXt4bQvnY70R%2FRG418dYUzQeIaXSete7cz1mckEj6WJZbjjMPWzvRHREJk%2Fm8VD7Z%2BEpo7YkSR8G7qrESctZn3cMLe1gmz7TLNiTloobE7wSQz8H58%2FcZ5H9zM20bfNfFNM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 tag.min.js Show response
get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/ 30 KB
10 KB 36ms
4ms Script
text/javascript 18.155.68.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Requested by: Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&j=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.68.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-68-21.sin52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: caf00dccdfb24b237c2e763929bbdbf10d64d66606688390a39c6456fbddb409

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 19:19:50 GMT
x-amz-version-id: ePoTNcv0DaSHt0vz0AKUJEI0tBAExaJ3
content-encoding: gzip
last-modified: Thu, 25 Aug 2022 14:07:06 GMT
server: AmazonS3
via: 1.1 4051cd1127320e383387d289cc46a5fc.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-P1
etag: W/"c722c8e06c3a9be75b009576c49f7792"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=86400
age: 70756
x-amz-cf-id: cntrePZsRw0W5mZV72HIEialvqu5UeeaH4YMnOexIoSwUVNjzQahkA==

GET
H2 200 / Show response
t.dtscout.com/pv/ 50 B
396 B 545ms
536ms Script
application/javascript 2606:4700:21::8d65:780a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/pv/?_a=v&_h=bareeqal5alij.hewaaya.com&_ss=5icz4d8g3m&_pv=1&_ls=0&_u1=1&_u3=1&_cc=sg&_pl=d&_cbid=51db&_cb=_dtspv.c
Requested by: Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&j=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::8d65:780a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 994693fc14b72c5dfaadf9a7cccb6513d9dc5455c635b4dd3e631930374fe563

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:06 GMT
x-t: 0.14
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=61oz3%2BIdc4iq1WZIGc%2FHHwPfNbyEzxUvU6CXBI5QYuJ01Vxt9SsbK9QWFj4ziTcssJSoXhrhfAYmocz4wsfnJNv2ZALUy7ijOiYEImZb%2BaDfOzzRS%2Bk3V09am4KGGZHGrmpU2VtAphDmrdg%3D"}],"group":"cf-nel","max_age":604800}
x-c: 0
content-type: application/javascript
cache-control: no-cache
cf-ray: 799ee7c98de49fb6-SIN
expires: Wed, 15 Feb 2023 14:59:05 GMT

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 535 B
940 B 230ms
211ms Fetch
application/json 13.33.33.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.33.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-33-57.sin2.r.cloudfront.net
Software: /
Resource Hash: e6fb9c3b8c7657ae2ff8b85860105410994ba2dd9461388484c6f90ab32759ae

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:06 GMT
via: 1.1 988e86815669491446c291c607aeb5e8.cloudfront.net (CloudFront), 1.1 446026fb3dafe55d3602866eda0c744a.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN2-C1, SIN2-P1
x-amzn-requestid: 5a7bb929-f92b-4239-9ab0-5f60b24044ae
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-apigw-id: AYrxHHXvCYcFoOw=
content-length: 535
x-amz-cf-id: Dce581Cze2A5nUQ5OcK0eKcv53foVewCNqYYyYh-UtCBlmAmwxDXzg==

GET
H2 200 dataBeacons.min.js Show response
data-beacons.s-onetag.com/ 5 KB
2 KB 46ms
4ms Script
text/javascript 13.33.88.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data-beacons.s-onetag.com/dataBeacons.min.js
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.88.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-88-11.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 07dbb740764ddcc657e44a4f2767a85c877c6c92262615acefe839c0ca07c9e9

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: AynV9CxPKzE_gbaRfuvHkmlMpRA2Kx_l
content-encoding: gzip
via: 1.1 09c63a510feb1b96fe87d2cfe41d34ae.cloudfront.net (CloudFront)
date: Wed, 15 Feb 2023 14:26:00 GMT
last-modified: Mon, 30 Jan 2023 17:09:16 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 1986
etag: W/"b33b67ced6b706568683ecea83e198c4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=3600
x-amz-cf-id: 1ULuGaAcCKEfkau2e8LcaG3xuC3E_HScKKjtXqkkfzbC-lh5H1N7vg==

GET
H/1.1

200
OK

v2 Show response
ap.lijit.com/readerinfo/
Redirect Chain

https://ap.lijit.com/readerinfo/v2
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true

41 B
478 B

186ms
186ms

Fetch
application/json

209.191.163.152

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Protocol: HTTP/1.1
Server: 209.191.163.152 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a3d5cc894c302b131aa5a7b2d050aa8238da907d6235fc6b15bbe905f7caa4f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:06 GMT
content-encoding: gzip
pod: X-Sovrn-Pod: ad_ap1sfo1
vary: Accept-Encoding, User-Agent
access-control-allow-methods: GET, POST, DELETE, PUT
content-type: application/json
access-control-allow-origin: https://bareeqal5alij.hewaaya.com
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
content-length: 61

Redirect headers

date: Wed, 15 Feb 2023 14:59:06 GMT
pod: X-Sovrn-Pod: ad_ap1sfo1
access-control-allow-methods: GET, POST, DELETE, PUT
location: https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
access-control-allow-origin: https://bareeqal5alij.hewaaya.com
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
content-length: 0

GET
H2 200 lt.min.js Show response
tags.crwdcntrl.net/lt/c/3825/ 52 KB
16 KB 39ms
9ms Script
text/javascript 13.227.254.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Requested by: Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&j=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.254.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-254-114.sin52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6691c17050e97fa3a70eb75b6da5d601b461af4d26b954f87dcddbf354f61eda

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 19:35:10 GMT
content-encoding: gzip
via: 1.1 4e0b5cb07c18d66b4d938e898c1c7bf2.cloudfront.net (CloudFront)
last-modified: Thu, 05 Jan 2023 18:30:29 GMT
server: AmazonS3
x-amz-cf-pop: SIN52-C3
age: 69837
etag: W/"d92273856cbc8d3aad0c2259f9be9a68"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: f_KYwq7v6gOZP8os5wP-iDuDRtP8zWuAjHD3gmJNgKz9R1XUgJyhhQ==

GET
H2 200 / Show response
t.dtscdn.com/widget/ 0
600 B 371ms
348ms Script
application/javascript 2606:4700:20::681a:d3c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscdn.com/widget/?d=4C30167647314518588D90BF5B0D49C9&nid=300&p=836148727&t=0&s=1600x1200x24&u=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&r=
Requested by: Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&j=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d3c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:06 GMT
x-t: 49.3
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=En4IZLpwsMsgggWzkvLtTPgGD3I%2BcM6jou7dWzCfG9XvxJgN0jOwHIbJ%2F37%2Bo5Y2aswxVK9fDeA4V3RAkxM5Y0DwC6j3cnnDNsgPba4%2Foz2dCBgDhmbbJgxTtDwqAf7lOBzRgYnF6MgW1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: no-cache
x-server: web14.ny1.dtscdn.com
cf-ray: 799ee7cd2e8b8805-SIN
expires: Wed, 15 Feb 2023 13:00:51 GMT

GET /
pixel.onaudience.com/ 0
0

GET
H2 200 optimus_rules.json Show response
tags.crwdcntrl.net/lt/c/3825/ 4 KB
1 KB 28ms
13ms XHR
application/json 13.227.254.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/3825/optimus_rules.json
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.254.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-254-114.sin52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9933d7066a22669cd5d48d0051aa5f2d7ea91bad0a9223f3d7884e93c3ca8a28

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 15 Feb 2023 04:45:05 GMT
content-encoding: gzip
via: 1.1 f06aaad108598501fc8aab5df5423ad8.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
age: 36842
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 05 Jan 2023 18:30:29 GMT
server: AmazonS3
etag: W/"6db43f44304c37d76768275ee4f01ba4"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age: 86400
x-amz-cf-id: PCdowZ7QnWKnXvexTNkDcuj7FP1CJLIycLkm7lfR4u-PLaXoI3JG6w==

POST
H2 200 data Show response
bcp.crwdcntrl.net/6/ 602 B
1 KB 96ms
70ms XHR
application/json 13.228.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/data
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.228.146.168 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2be33f127574f6bc2c083bde1dacac399c1cc6a640b2e036af6554b04a5baf05

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:06 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://bareeqal5alij.hewaaya.com
cache-control: no-cache
x-server: 10.42.14.126
access-control-allow-credentials: true
content-length: 602
expires: 0

POST
H2 200 a
a.dtssrv.com/ 0
461 B 377ms
250ms Ping
text/html 2606:4700:e4::ac40:a71f

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dtssrv.com/a?i=4C30167647314518588D90BF5B0D49C9&k=lotpano&v=98442ae57e270e1573ec466eea5ce32246b028d809a19934c7a44327ef112389
Requested by: Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fportshape95&j=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a71f -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:59:06 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7FYuwHIP40q2pbbnt9Ltdw0KXn4kqcaEf%2FUCIaaiJgg1NUE9d1xzAhwyz3uD%2F%2FLRMLSv0p%2Bm7f7lNyKjULKZ489Nc5tyGCAvAOw3TaS1CqMZrsWv4CVsViKQfTaUS73FVAZDJnJQIHa4OyU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 799ee7cef8608962-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 lt.iframe.html Show response
tags.crwdcntrl.net/lt/shared/2/ Frame 9270 2 KB
1 KB 128ms
127ms Document
text/html 13.227.254.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.254.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-254-114.sin52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

age: 69837
cache-control: max-age: 86400
content-encoding: gzip
content-type: text/html
date: Tue, 14 Feb 2023 19:35:10 GMT
etag: W/"6fcf4f5197ab24c92d090f6ac8d87e01"
last-modified: Mon, 01 Feb 2021 20:35:17 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 4e0b5cb07c18d66b4d938e898c1c7bf2.cloudfront.net (CloudFront)
x-amz-cf-id: 75YyviO1WUztgZsrbNKyCHeeTu3JHmLIK0bWaHlXEMz9Jr8DWmsjKA==
x-amz-cf-pop: SIN52-C3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

GET
H2 200 pixels Show response
bcp.crwdcntrl.net/ Frame 4182 4 KB
4 KB 5ms
5ms Document
text/html 13.228.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.228.146.168 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 981dda8927d4b46c926f820535333b74d4615f58fba271fff556b05b3fbacbe3

Request headers

Referer: https://tags.crwdcntrl.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

cache-control: no-cache
content-length: 3623
content-type: text/html
date: Wed, 15 Feb 2023 14:59:06 GMT
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma: no-cache
server: Jetty(9.4.38.v20210224)
x-server: 10.42.24.182

GET
H2

200

m
cm.mgid.com/ Frame 4182
Redirect Chain

https://cm.mgid.com/m?cdsp=712809&uspString={uspString}&gdpr=0&consentData=&c=c2483e770cd52c0952b862579d79c7f
https://cm.mgid.com/m?c=c2483e770cd52c0952b862579d79c7f&cdsp=712809&consentData=&gdpr=0&uspString=%7BuspString%7D&sct=1

43 B
179 B

229ms
228ms

Image
image/gif

2606:4700:1::6813:864e

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?c=c2483e770cd52c0952b862579d79c7f&cdsp=712809&consentData=&gdpr=0&uspString=%7BuspString%7D&sct=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: H2
Server: 2606:4700:1::6813:864e -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:07 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 799ee7d0ad1a6bff-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:06 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
location: https://cm.mgid.com/m?c=c2483e770cd52c0952b862579d79c7f&cdsp=712809&consentData=&gdpr=0&uspString=%7BuspString%7D&sct=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 799ee7cf4a5b6bff-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

GET dcm
s.amazon-adsystem.com/ Frame 4182 0
0

GET /
wt.rqtrk.eu/ Frame 4182 0
0

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame 4182
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&rd=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D240%26tp%3DPUBM%26tpid%3D%23PM_USER_ID%26gdpr%3D0
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&rd=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D240%26tp%3DPUBM%26tpid%3D%23PM_USER_ID%26gdpr%3D0&rdf=1
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=5846E758-C03A-4949-A428-BB1C2B7074F2&gdpr=0

49 B
265 B

36ms
33ms

Image
image/gif

13.228.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=5846E758-C03A-4949-A428-BB1C2B7074F2&gdpr=0
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: H2
Server: 13.228.146.168 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:06 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.17.118
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=5846E758-C03A-4949-A428-BB1C2B7074F2&gdpr=0
date: Wed, 15 Feb 2023 14:59:06 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

gdpr_consent=
sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=e5cf199e-e1e9-41ea-ab99-08985e41b054/gdpr=0/ Frame 4182
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0
https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=e5cf199e-e1e9-41ea-ab99-08985e41b054/gdpr=0/gdpr_consent=

49 B
263 B

36ms
30ms

Image
image/gif

13.228.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=e5cf199e-e1e9-41ea-ab99-08985e41b054/gdpr=0/gdpr_consent=
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: H2
Server: 13.228.146.168 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:06 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.27.4
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:06 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=e5cf199e-e1e9-41ea-ab99-08985e41b054/gdpr=0/gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 249

GET
H/1.1 200
OK ltm
audex.userreport.com/sync/put/ Frame 4182 43 B
432 B 197ms
163ms Image
image/gif 52.84.251.14

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://audex.userreport.com/sync/put/ltm?ltmid=c2483e770cd52c0952b862579d79c7f
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.251.14 -, , ASN (),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 14:59:06 GMT
Via: 1.1 f2f73edfafc086543441bca742024226.cloudfront.net (CloudFront)
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.22.0
X-Amz-Cf-Pop: SIN5-C1
X-Cache: Miss from cloudfront
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-Amz-Cf-Id: syXe7iXUzKFSbKZN0Pbcp8Yy6UxOFfZzR5IW9ZCnu4X5zKtry_DHmA==

GET
H2

200

tpid=08baef9d-fd3d-41d5-9d19-51f949b3ea69
sync.crwdcntrl.net/map/c=10158/tp=TPAD/ Frame 4182
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=c2483e770cd52c0952b862579d79c7f&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpi...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=LOTAME&partner_device_id=c2483e770cd52c0952b862579d79c7f&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=08baef9d-fd3d-41d5-9d19-51f949b3ea69%252Chttps%25253A%25252F%25252Fsync.crwdcntrl.net%25252Fmap%25252Fc%25253D10158%25252...
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=e5cf199e-e1e9-41ea-ab99-08985e41b054&ttd_puid=08baef9d-fd3d-41d5-9d19-51f949b3ea69%2Chttps%253A%252F%252Fsync.crwdcntrl.n...
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=08baef9d-fd3d-41d5-9d19-51f949b3ea69

49 B
263 B

10ms
9ms

Image
image/gif

13.228.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=08baef9d-fd3d-41d5-9d19-51f949b3ea69
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: H2
Server: 13.228.146.168 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:06 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.7.9
content-length: 49
expires: 0

Redirect headers

date: Wed, 15 Feb 2023 14:59:06 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=08baef9d-fd3d-41d5-9d19-51f949b3ea69
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 403 sync.gif
dmp.truoptik.com/f2d2e39fc16bc9cc/ Frame 4182 0
0 41ms
11ms Image
text/html 104.16.110.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.110.154 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET ibs:dpid=121998&dpuuid=c2483e770cd52c0952b862579d79c7f&gdpr=0&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D%2Fgdpr=0
dpm.demdex.net/ Frame 4182 0
0

GET usermatch.gif
beacon.krxd.net/ Frame 4182 0
0

GET pixel.gif
aorta.clickagy.com/ Frame 4182 0
0

GET image.sbxx
global.ib-ibi.com/ Frame 4182 0
0

GET sync
sync.srv.stackadapt.com/ Frame 4182 0
0

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame 4182
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=LOTME&gdpr=0
https://ups.analytics.yahoo.com/ups/58736/cms?partner_id=LOTME&gdpr=0
https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-Se78GNBE2pzTJPFkE4Ube4ONvo53W6jq0cI-~A&gdpr=0

49 B
265 B

7ms
7ms

Image
image/gif

13.228.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-Se78GNBE2pzTJPFkE4Ube4ONvo53W6jq0cI-~A&gdpr=0
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: H2
Server: 13.228.146.168 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:07 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.16.159
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-Se78GNBE2pzTJPFkE4Ube4ONvo53W6jq0cI-~A&gdpr=0
date: Wed, 15 Feb 2023 14:59:07 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame 4182
Redirect Chain

https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D%26src=lot%26gdpr%3D0
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=3a0d63ec-f33b-4f00-87af-166954f6380f&src=lot&gdpr=0

49 B
265 B

9ms
8ms

Image
image/gif

13.228.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=3a0d63ec-f33b-4f00-87af-166954f6380f&src=lot&gdpr=0
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=155%2C153%2C150%2C136%2C116%2C115%2C106%2C104%2C94%2C80%2C79%2C78%2C54%2C41%2C38%2C33%2C31%2C26%2C22%2C12%2C7%2C3%2C2&c=3825
Protocol: H2
Server: 13.228.146.168 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-146-168.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:07 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.14.146
content-length: 49
expires: 0

Redirect headers

Date: Wed, 15 Feb 2023 14:59:07 GMT
Server: MT3 457 2362390 master hkg-pixel-x19 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=3a0d63ec-f33b-4f00-87af-166954f6380f&src=lot&gdpr=0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 15 Feb 2023 14:59:06 GMT

GET usersync
pixel-sync.sitescout.com/connectors/lotame/ Frame 4182 0
0

GET token
token.rubiconproject.com/ Frame 4182 0
0

GET bsTd8NdE
sync-tm.everesttech.net/upi/pid/ Frame 4182 0
0

GET pixel
cm.g.doubleclick.net/ Frame 4182 0
0

GET 5907
tags.bluekai.com/site/ Frame 4182 0
0

GET pixel
cm.g.doubleclick.net/ Frame 4182 0
0

GET gdpr=0
d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/c2483e770cd52c0952b862579d79c7f/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D/ Frame 4182 0
0

GET getuid
secure.adnxs.com/ Frame 4182 0
0

GET 59074
i.liadm.com/s/ 0
0

GET

db_sync
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/db_sync?pid=15697&puuid=GKUjBSZHSZ8bLvthTkaA8IWj&rand=74712&pu=
https://px.ads.linkedin.com/db_sync?pid=15697&puuid=GKUjBSZHSZ8bLvthTkaA8IWj&rand=74712&pu=&expected_cookie=88b84a05-fb0d-4477-b833-5638cf3fd329

0
0

GET lj_match
um.simpli.fi/ 0
0

GET 57333
i.liadm.com/s/ 0
0

GET
H2 200 Portal.html Show response
get.s-onetag.com/underground-sync-portal/ Frame B39C 85 B
465 B 47ms
46ms Document
text/html 18.155.68.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.s-onetag.com/underground-sync-portal/Portal.html
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.68.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-68-21.sin52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c5a9c1da2841785221f3cbd5d59fb206a46a9f7b87acd9defbaaad16da7bc10f

Request headers

Referer: https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ranges: bytes
age: 413843
cache-control: max-age=864000
content-length: 85
content-type: text/html
date: Fri, 10 Feb 2023 20:01:45 GMT
etag: "131a68f1a3ad405d816af56e04b93481"
last-modified: Mon, 24 Aug 2020 10:07:31 GMT
server: AmazonS3
via: 1.1 4051cd1127320e383387d289cc46a5fc.cloudfront.net (CloudFront)
x-amz-cf-id: qDqNJXN_izVfnqZm7hIDu6QKrpc84YjP2vxKQkRJcfZ4pl4w4ehICw==
x-amz-cf-pop: SIN52-P1
x-amz-version-id: DQOg1_kyPY_kvsj6PY1Vb4lkt_z.UEMu
x-cache: Hit from cloudfront

GET
H2 200 Portal.js Show response
get.s-onetag.com/underground-sync-portal/ Frame B39C 766 B
1 KB 5ms
3ms Script
text/javascript 18.155.68.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.s-onetag.com/underground-sync-portal/Portal.js
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/underground-sync-portal/Portal.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.68.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-68-21.sin52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b0fe2ef3be2ee94968865b9c1f4a6df9047df6da9d6db098b14837964261183f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://get.s-onetag.com/underground-sync-portal/Portal.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 02:50:53 GMT
x-amz-version-id: 5ewrcwpMVzqiX_oZ8oVk1PODvYSULwU5
via: 1.1 4051cd1127320e383387d289cc46a5fc.cloudfront.net (CloudFront)
last-modified: Mon, 24 Aug 2020 10:07:19 GMT
server: AmazonS3
x-amz-cf-pop: SIN52-P1
age: 734895
etag: "145e495d0d92a3c8fd975bfe5485b72c"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=864000
accept-ranges: bytes
content-length: 766
x-amz-cf-id: cVVN9UJtC9NKZp9z52OGT-whvEakNFR9JIc11KmOqDcKX6AUd-F9Wg==

GET

merge
ce.lijit.com/
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=GKUjBSZHSZ8bLvthTkaA8IWj/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}
https://ce.lijit.com/merge?pid=5001&3pid=c2483e770cd52c0952b862579d79c7f

0
0

GET
H/1.1

200
OK

/ Show response
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=51md42u&t=ajs&e_pc=3&e_mr=0
https://ps.eyeota.net/pixel/bounce/?pid=51md42u&t=ajs&e_pc=3&e_mr=0

873 B
1 KB

20ms
20ms

Script
application/javascript

54.251.140.206

General

Check archive.org

Show headers Download Go to

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=51md42u&t=ajs&e_pc=3&e_mr=0
Protocol: HTTP/1.1
Server: 54.251.140.206 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe039f125f7366453a204c3360d4a5eccf70de8b7a0f5f24e959e9729d9af61e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/javascript
Date: Wed, 15 Feb 2023 14:59:07 GMT
Content-Length: 873
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /pixel/bounce/?pid=51md42u&t=ajs&e_pc=3&e_mr=0
Date: Wed, 15 Feb 2023 14:59:07 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET sovrn_standalone_beacon.js
ap.lijit.com/www/sovrn_beacon_standalone/ 0
0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmhERHNLeV9wSG9NTDJZNkdGTjJRR2RISDNKYTJqNWpISTdFUEJmTFJESkU&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer...
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=51md42u&google_gid=CAESEDojafJ4SJBBVjRQxLjWSMI&google_cver=1

70 B
440 B

24ms
22ms

Image
image/gif

54.251.140.206

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=51md42u&google_gid=CAESEDojafJ4SJBBVjRQxLjWSMI&google_cver=1
Protocol: HTTP/1.1
Server: 54.251.140.206 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Date: Wed, 15 Feb 2023 14:59:07 GMT
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=51md42u&google_gid=CAESEDojafJ4SJBBVjRQxLjWSMI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 375
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1&gdpr=0&gdpr_consent=
https://ps.eyeota.net/match?uid=e5cf199e-e1e9-41ea-ab99-08985e41b054&bid=1e2n4ou

70 B
440 B

16ms
16ms

Image
image/gif

54.251.140.206

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=e5cf199e-e1e9-41ea-ab99-08985e41b054&bid=1e2n4ou
Protocol: HTTP/1.1
Server: 54.251.140.206 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://bareeqal5alij.hewaaya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Date: Wed, 15 Feb 2023 14:59:07 GMT
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 14:59:07 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ps.eyeota.net/match?uid=e5cf199e-e1e9-41ea-ab99-08985e41b054&bid=1e2n4ou
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 191

GET match
d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/ 0
0

GET lons7jax
sync-tm.everesttech.net/upi/pid/ 0
0

GET getuid
ib.adnxs.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel.onaudience.com
URL: https://pixel.onaudience.com/?partner=137085098&mapped=4C30167647314518588D90BF5B0D49C9

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=a8acf3b3-7ede-4e18-8405-edaf41005f97&id=c2483e770cd52c0952b862579d79c7f

Domain: wt.rqtrk.eu
URL: https://wt.rqtrk.eu/?pid=e34a6063-e846-4ccb-98d8-0eba4dd66b75&src=www&type=100&sid=0&cb=580971623&gdpr=0&gdpr_consent=&gdpr_pd=0&uid=c2483e770cd52c0952b862579d79c7f

Domain: dpm.demdex.net
URL: https://dpm.demdex.net/ibs:dpid=121998&dpuuid=c2483e770cd52c0952b862579d79c7f&gdpr=0&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D%2Fgdpr=0

Domain: beacon.krxd.net
URL: https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=c2483e770cd52c0952b862579d79c7f

Domain: aorta.clickagy.com
URL: https://aorta.clickagy.com/pixel.gif?ch=120&cm=c2483e770cd52c0952b862579d79c7f

Domain: global.ib-ibi.com
URL: https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=c2483e770cd52c0952b862579d79c7f

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=lotame&gdpr=0

Domain: pixel-sync.sitescout.com
URL: https://pixel-sync.sitescout.com/connectors/lotame/usersync?gdpr=0&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID%2Fgdpr%3D0

Domain: token.rubiconproject.com
URL: https://token.rubiconproject.com/token?pid=7&puid=c2483e770cd52c0952b862579d79c7f&gdpr=0

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?gdpr=0&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D%2Fgdpr%3D0

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=YzI0ODNlNzcwY2Q1MmMwOTUyYjg2MjU3OWQ3OWM3Zg&gdpr=0

Domain: tags.bluekai.com
URL: https://tags.bluekai.com/site/5907?limit=0&id=2c85a6136524189f312246f1e746ca4f

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=lotameddp&google_hm=YzI0ODNlNzcwY2Q1MmMwOTUyYjg2MjU3OWQ3OWM3Zg&gdpr=0

Domain: d.turn.com
URL: https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/c2483e770cd52c0952b862579d79c7f/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D/gdpr=0

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D281%2Ftp%3DANXS%2Ftpid%3D%24UID%2Fgdpr%3D0%2Frand=551336494

Domain: i.liadm.com
URL: https://i.liadm.com/s/59074?bidder_id=204553&bidder_uuid=GKUjBSZHSZ8bLvthTkaA8IWj&rnd=19688

Domain: px.ads.linkedin.com
URL: https://px.ads.linkedin.com/db_sync?pid=15697&puuid=GKUjBSZHSZ8bLvthTkaA8IWj&rand=74712&pu=&expected_cookie=88b84a05-fb0d-4477-b833-5638cf3fd329

Domain: um.simpli.fi
URL: https://um.simpli.fi/lj_match?r=61188

Domain: i.liadm.com
URL: https://i.liadm.com/s/57333?bidder_id=204553&bidder_uuid=GKUjBSZHSZ8bLvthTkaA8IWj&rnd=66469

Domain: ce.lijit.com
URL: https://ce.lijit.com/merge?pid=5001&3pid=c2483e770cd52c0952b862579d79c7f

Domain: ap.lijit.com
URL: https://ap.lijit.com/www/sovrn_beacon_standalone/sovrn_standalone_beacon.js

Domain: d.turn.com
URL: https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&referrer_pid=51md42u

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26referrer_pid%3D51md42u

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/getuid?https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1%26referrer_pid%3D51md42u

Verdicts & Comments Add Verdict or Comment

279 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bareeqal5alij.hewaaya.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: j9bk1dfpbnk2r0ttmhi28sgqal
bareeqal5alij.hewaaya.com/	1970-01-20 09:44:05	Name: qa_key Value: j9ra5fn5xsnrj72w6h74u9pybf1r4zxt
.hewaaya.com/	1970-01-20 19:02:49	Name: __gads Value: ID=dff9e70f912227a9-22267e44d8d90051:T=1676473142:RT=1676473142:S=ALNI_MaA56R0ecG2VDsYYh2cpcctnMizvw
.hewaaya.com/	1970-01-20 19:02:49	Name: __gpi Value: UID=00000bc40f106406:T=1676473142:RT=1676473142:S=ALNI_MatXDjDb2m1_oahpvw1ky4Zuy61qg
.doubleclick.net/	1970-01-20 09:41:14	Name: test_cookie Value: CheckForPermission
.hewaaya.com/	1970-01-20 09:41:14	Name: __cf_bm Value: akTE1UhNh__hcG.GcyqPkDrIagSkpRK7VgCNPFvQYK0-1676473143-0-AXs4ihiZ7+NkiDS1qui/QJ/AJbR6QzVyAvrEsLXbp5tTSb5lAMpI86mE9NuUpw5L3DrzSihE0ZCgwHBGab6Wpsp+GGFhJrixDZM0Qj1oseP3UpO31dwtndhaXkEj5ydjDUPpQzDFjvjhfoCX24srZh8=
bareeqal5alij.hewaaya.com/	1970-01-20 18:26:49	Name: HstCfa4631733 Value: 1676473143889
bareeqal5alij.hewaaya.com/	1970-01-20 18:26:49	Name: HstCla4631733 Value: 1676473143889
bareeqal5alij.hewaaya.com/	1970-01-20 18:26:49	Name: HstCmu4631733 Value: 1676473143889
bareeqal5alij.hewaaya.com/	1970-01-20 18:26:49	Name: HstPn4631733 Value: 1
bareeqal5alij.hewaaya.com/	1970-01-20 18:26:49	Name: HstPt4631733 Value: 1
bareeqal5alij.hewaaya.com/	1970-01-20 18:26:49	Name: HstCnv4631733 Value: 1
bareeqal5alij.hewaaya.com/	1970-01-20 18:26:49	Name: HstCns4631733 Value: 1
.dtscout.com/	1970-01-20 09:41:18	Name: m Value: 1
.dtscout.com/	1970-01-20 09:41:27	Name: oa Value: 1
.dtscout.com/	1970-01-20 12:05:13	Name: df Value: 1676473145
.dtscout.com/	1970-01-20 11:49:22	Name: l Value: 4C30167647314518588D90BF5B0D49C9
.hewaaya.com/	1970-01-20 11:46:29	Name: __dtsu Value: 4C30167647314518588D90BF5B0D49C9
.hewaaya.com/	1970-01-20 09:41:13	Name: lotame_domain_check Value: hewaaya.com
.crwdcntrl.net/	1970-01-20 16:09:58	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 16:09:58	Name: _cc_id Value: c2483e770cd52c0952b862579d79c7f
.crwdcntrl.net/	1970-01-20 16:10:01	Name: _cc_cc Value: "ACZ4XmOQTzYysTBONTc3SE4xNUo2sDQ1SrIwMzI1t0wxt0w2T2MAguQ3n61ANARwnz96iJnxoyzDf0ZGhotfLGHM3fsuC8DYz7e80IWxWy6qw5jvlsxhgbE%2FNNyHK%2F944pQGTPzvxilwNYcXI9Q%2FQ2IDADzbOfo%3D"
.crwdcntrl.net/	1970-01-20 16:10:01	Name: _cc_aud Value: "ABR4XmNgYGBIfvPZCkhBADMDA9cMMHNRK4hkfFgPJAFzAQWq"
.hewaaya.com/	1970-01-20 16:10:01	Name: _cc_id Value: c2483e770cd52c0952b862579d79c7f
.hewaaya.com/	1970-01-20 16:10:01	Name: _cc_cc Value: ACZ4XmOQTzYysTBONTc3SE4xNUo2sDQ1SrIwMzI1t0wxt0w2T2MAguQ3n61ANARwnz96iJnxoyzDf0ZGhotfLGHM3fsuC8DYz7e80IWxWy6qw5jvlsxhgbE%2FNNyHK%2F944pQGTPzvxilwNYcXI9Q%2FQ2IDADzbOfo%3D
.hewaaya.com/	1970-01-20 16:10:01	Name: _cc_aud Value: ABR4XmNgYGBIfvPZCkhBADMDA9cMMHNRK4hkfFgPJAFzAQWq
.hewaaya.com/	1970-01-20 09:51:17	Name: panoramaId_expiry Value: 1677077946515
.hewaaya.com/	1970-01-20 09:51:17	Name: panoramaId Value: 98442ae57e270e1573ec466eea5ce32246b028d809a19934c7a44327ef112389
.adsrvr.org/	1970-01-20 18:26:49	Name: TDID Value: e5cf199e-e1e9-41ea-ab99-08985e41b054
.pubmatic.com/	1970-01-20 09:42:39	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 18:26:49	Name: KADUSERCOOKIE Value: 5846E758-C03A-4949-A428-BB1C2B7074F2
.dtscdn.com/	1970-01-20 13:58:58	Name: uid Value: 4C30167647314518588D90BF5B0D49C9
.tapad.com/	1970-01-20 11:07:37	Name: TapAd_TS Value: 1676473146787
.tapad.com/	1970-01-20 11:07:37	Name: TapAd_DID Value: 08baef9d-fd3d-41d5-9d19-51f949b3ea69
.tapad.com/	1970-01-20 11:07:37	Name: TapAd_3WAY_SYNCS Value:
.adsrvr.org/	1970-01-20 18:26:49	Name: TDCPM Value: CAESFAoFdGFwYWQSCwjAy8P_5tvHOxAFGAEgASgCMgsIwMPGrP3bxzsQBTgBWgV0YXBhZGAC
.lijit.com/	1970-01-20 18:26:49	Name: ljt_reader Value: GKUjBSZHSZ8bLvthTkaA8IWj

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.dtssrv.com
adservice.google.com
adservice.google.com.sg
aorta.clickagy.com
ap.lijit.com
audex.userreport.com
bareeqal5alij.hewaaya.com
bcp.crwdcntrl.net
beacon.krxd.net
ce.lijit.com
cm.g.doubleclick.net
cm.mgid.com
cms.analytics.yahoo.com
d.turn.com
data-beacons.s-onetag.com
dmp.truoptik.com
dpm.demdex.net
e.dtscout.com
fonts.googleapis.com
fonts.gstatic.com
get.s-onetag.com
global.ib-ibi.com
googleads.g.doubleclick.net
i.liadm.com
ib.adnxs.com
image6.pubmatic.com
match.adsrvr.org
onetag-geo.s-onetag.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.tapad.com
ps.eyeota.net
px.ads.linkedin.com
s.amazon-adsystem.com
s10.histats.com
s4.histats.com
secure.adnxs.com
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
t.dtscdn.com
t.dtscout.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
wt.rqtrk.eu
www.google.com
aorta.clickagy.com
ap.lijit.com
beacon.krxd.net
ce.lijit.com
cm.g.doubleclick.net
d.turn.com
dpm.demdex.net
global.ib-ibi.com
i.liadm.com
ib.adnxs.com
pixel-sync.sitescout.com
pixel.onaudience.com
px.ads.linkedin.com
s.amazon-adsystem.com
secure.adnxs.com
sync-tm.everesttech.net
sync.srv.stackadapt.com
tags.bluekai.com
token.rubiconproject.com
um.simpli.fi
wt.rqtrk.eu
103.229.206.240
104.16.110.154
106.10.236.147
13.227.254.114
13.228.146.168
13.33.33.57
13.33.88.11
149.56.240.31
18.155.68.21
209.191.163.152
2404:6800:4003:c01::84
2404:6800:4003:c03::9b
2404:6800:4003:c05::68
2404:6800:4003:c05::9c
2404:6800:4003:c06::5f
2404:6800:4003:c0f::5e
2404:6800:4003:c11::9d
2606:4700:1::6813:864e
2606:4700:20::681a:d3c
2606:4700:21::8d65:780a
2606:4700:3032::6815:1530
2606:4700:e4::ac40:a71f
34.111.113.62
35.71.131.137
46.105.201.240
52.74.162.2
52.84.251.14
54.251.140.206
67.199.150.81
74.125.68.155
02c7e37370f5160bfa679f2a619a0967ff3e92721592898747fff4c596ef73bc
07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce
07dbb740764ddcc657e44a4f2767a85c877c6c92262615acefe839c0ca07c9e9
1604d7fd902f76d2b32dfc2bbdd7a6c6fa0184d5b937af08b546f82701ebb287
1f42fd0048fc97038dedb36834fe23462b89f68e458f16730d0724d3df6c438c
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2be33f127574f6bc2c083bde1dacac399c1cc6a640b2e036af6554b04a5baf05
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
37dc34da0809c1150251a605939830aa9a0bc74d66e8afb335b040f4eb6e7dc2
46cf159c7a054ba1e24e6a2183451c3951224ac9c0479e2dee40476e76f36b2a
49c3e6e6e4849e0ba95714c8b7781df8be1a1e762d13ef6a37db9f7643ee5781
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58428a34061c5d3cda7d934c9e8c01deb571e8a63a87ce33b06740de16a1cb01
5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372
6691c17050e97fa3a70eb75b6da5d601b461af4d26b954f87dcddbf354f61eda
678805113db5da6ceb4b2e1ac1791a404c0412965fb3aaccb6ed177739d9b2e8
7fd6768baa128ea520eaf09b0f003ad966a285342f44d848f57588170bfc204a
81aaf8ff047a38837949e05257b0a65293aa0e80afb5745a5bcb635f5d0bd77c
86781107a5be7c5f83e7be12e3011cb43775fe339fbf390961fee51b5a26e47b
8a0a840d54ebc1a4525af39787c3aa67bdd8a9c75813d0fded90652401dcade5
8a3d5cc894c302b131aa5a7b2d050aa8238da907d6235fc6b15bbe905f7caa4f
981dda8927d4b46c926f820535333b74d4615f58fba271fff556b05b3fbacbe3
9933d7066a22669cd5d48d0051aa5f2d7ea91bad0a9223f3d7884e93c3ca8a28
994693fc14b72c5dfaadf9a7cccb6513d9dc5455c635b4dd3e631930374fe563
9b748dec7659060d2731e4bb83efcc0beaf2cb51e69588966879165fbb3980ed
9c3b094d7acb7ea3d2059ef09ebdad6ad642abe2c4b2bba019cd58b18e48c468
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9efa97a09aa9c7ea4d026f1f3c700e65bb3ae9e2abe1ed54f5f540b85bfac4e4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a61cb5ddd7f5bf71051521a288361c6684188b6d0edc17b3b18b08faa96ea282
a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ab858303161588e27d5fe3398ab351c122c158810e209238d23399867c6ba6a9
b0fe2ef3be2ee94968865b9c1f4a6df9047df6da9d6db098b14837964261183f
b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3
c5a9c1da2841785221f3cbd5d59fb206a46a9f7b87acd9defbaaad16da7bc10f
c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d
caf00dccdfb24b237c2e763929bbdbf10d64d66606688390a39c6456fbddb409
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d21ea66884a90a9148d3f6e109a6bb1e2bcad851e2a06b46350eb1edefa5a546
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
dfcff55921b21283ccf435c9a4ceae1626c33231ae36ba9ce6d157bba18beddc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6fb9c3b8c7657ae2ff8b85860105410994ba2dd9461388484c6f90ab32759ae
fe039f125f7366453a204c3360d4a5eccf70de8b7a0f5f24e959e9729d9af61e
feafd9234c68a7f1d92fee6ec91b0f37668660b83611bf3e91fa73621f56d58c

bareeqal5alij.hewaaya.com Open in urlscan Pro 2606:4700:3032::6815:1530 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

91 Requests

62 %HTTPS

40 %IPv6

41 Domains

53 Subdomains

24 IPs

5 Countries

488 kBTransfer

1243 kBSize

37 Cookies

2 Outgoing links

Redirected requests

91 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

bareeqal5alij.hewaaya.com Open in urlscan Pro
2606:4700:3032::6815:1530 Public Scan

Screenshot
Live screenshot

Full Image

91
Requests

62 %
HTTPS

40 %
IPv6

41
Domains

53
Subdomains

24
IPs

5
Countries

488 kB
Transfer

1243 kB
Size

37
Cookies

91 HTTP transactions
0 data transactions