Submitted URL: https://yallasport.xyz/
Effective URL: https://www.yallasport.xyz/
Submission: On June 04 via api from US — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 22 HTTP transactions. The main IP is 2a00:1450:4001:81d::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is www.yallasport.xyz.
TLS certificate: Issued by WR3 on May 31st 2024. Valid for: 3 months.
This is the only time www.yallasport.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
6 blogger.com
www.blogger.com — Cisco Umbrella Rank: 9532
15 KB
4 wikimedia.org
upload.wikimedia.org — Cisco Umbrella Rank: 3816
3 KB
3 highcpmgate.com
pl23452395.highcpmgate.com
3 yallasport.xyz
yallasport.xyz
www.yallasport.xyz
173 KB
2 imagekit.io
ik.imagekit.io — Cisco Umbrella Rank: 24188
3 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 101
1 KB
1 adsplus.pro
www.adsplus.pro
1 statically.io
cdn.statically.io — Cisco Umbrella Rank: 9159
56 KB
0 yalla-shoot-goal.co Failed
www.yalla-shoot-goal.co Failed
22 9
Domain Requested by
6 www.blogger.com www.yallasport.xyz
4 upload.wikimedia.org www.yallasport.xyz
3 pl23452395.highcpmgate.com www.yallasport.xyz
2 ik.imagekit.io www.yallasport.xyz
2 fonts.googleapis.com client
2 www.yallasport.xyz
1 www.adsplus.pro www.yallasport.xyz
1 cdn.statically.io www.yallasport.xyz
1 yallasport.xyz 1 redirects
0 www.yalla-shoot-goal.co Failed
22 10

This site contains links to these domains. Also see Links.

Domain
www.elghazawysport.online
www.yalla-shoot-goal.co
internationasport.blogspot.com
Subject Issuer Validity Valid
www.yallasport.xyz
WR3
2024-05-31 -
2024-08-29
3 months crt.sh
highcpmgate.com
R3
2024-04-19 -
2024-07-18
3 months crt.sh
statically.io
GlobalSign Atlas R3 DV TLS CA 2023 Q3
2023-08-26 -
2024-09-26
a year crt.sh
www.adsplus.pro
R3
2024-05-16 -
2024-08-14
3 months crt.sh
*.wikipedia.org
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-10-18 -
2024-10-16
a year crt.sh
*.blogger.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
upload.video.google.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
*.imagekit.io
Amazon RSA 2048 M02
2024-01-23 -
2025-02-19
a year crt.sh

This page contains 2 frames:

Primary Page: https://www.yallasport.xyz/
Frame ID: 8518C23ED2D2B1DE9FE2D359DDDA1904
Requests: 26 HTTP requests in this frame

Frame: https://www.adsplus.pro/ads/codes/banner?rcd=MTc3
Frame ID: A9D27231E0B8E04932D7FDB08BF11EF0
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

يلا شوت في الجول | yalla-shoot-goal | نتائج مباريات اليوم يلا سبورت

Page URL History Show full URLs

  1. https://yallasport.xyz/ HTTP 301
    https://www.yallasport.xyz/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Page Statistics

22
Requests

95 %
HTTPS

67 %
IPv6

9
Domains

10
Subdomains

9
IPs

3
Countries

251 kB
Transfer

665 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://yallasport.xyz/ HTTP 301
    https://www.yallasport.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.yallasport.xyz/
Redirect Chain
  • https://yallasport.xyz/
  • https://www.yallasport.xyz/
534 KB
172 KB
Document
General
Full URL
https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d2c99d7ed47544dd5cea131180f2ad1936dc397606983d21610eb657ba41ea08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private, max-age=0
content-encoding
gzip
content-length
175763
content-type
text/html; charset=UTF-8
date
Tue, 04 Jun 2024 05:42:22 GMT
etag
W/"24e822051d560b7dd03a08f6d2c336617f9a71db19f071473dcd93d695f9f0d2"
expires
Tue, 04 Jun 2024 05:42:22 GMT
last-modified
Mon, 03 Jun 2024 06:27:13 GMT
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

content-length
224
content-type
text/html; charset=UTF-8
date
Tue, 04 Jun 2024 05:42:22 GMT
location
https://www.yallasport.xyz/
server
ghs
x-frame-options
SAMEORIGIN
x-xss-protection
0
ee65eca2eefc160ddfb50c17d3e7081c.js
pl23452395.highcpmgate.com/ee/65/ec/
0
0
Script
General
Full URL
https://pl23452395.highcpmgate.com/ee/65/ec/ee65eca2eefc160ddfb50c17d3e7081c.js
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.240.127.234 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 05:42:23 GMT
Server
nginx/1.21.6
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
truncated
/
405 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e5fe8221d8c619e027a1361385ed3dfad74b776ceefe6c7d8a9c495490bf9e1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
944 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
183a8a45d21c9e08f327306b313a677e14df544b7fbe005f832bae1ae0828f4a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
609 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ca8472d653819424ad94f0a5024ee9818d0166034ad5ea6eb0432ef364d6a992

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
460 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
725695280088b4a7f1f43936b2ff0ec321040d4921c1b782e97c74cc5c89e02f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
NeoSansArabic.woff
cdn.statically.io/gh/yallashoot808/yalla-shoot-new/6a47ce1e/
56 KB
56 KB
Font
General
Full URL
https://cdn.statically.io/gh/yallashoot808/yalla-shoot-new/6a47ce1e/NeoSansArabic.woff
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::347 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
statically /
Resource Hash
18588f1581eeeebaef76be52d09261c5c1a886d1a02ede533adb62c334d122e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Origin
https://www.yallasport.xyz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 05:42:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
statically
age
3624427
etag
"4cb0be1807b6236ab749d2f5e38eed261e9f0d3967da730a6786482cd5dd4b18"
x-cache
HIT, HIT
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
57364
x-served-by
cache-sjc10036-SJC, cache-fra-etou8220101-FRA
banner
www.adsplus.pro/ads/codes/ Frame A9D2
0
0
Document
General
Full URL
https://www.adsplus.pro/ads/codes/banner?rcd=MTc3
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
95.216.243.203 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
tsnim.com
Software
nginx/1.14.1 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.yallasport.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 04 Jun 2024 05:42:26 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=60
Pragma
no-cache
Server
nginx/1.14.1
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Cache
HIT from Backend
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
ee65eca2eefc160ddfb50c17d3e7081c.js
pl23452395.highcpmgate.com/ee/65/ec/
0
0
Script
General
Full URL
https://pl23452395.highcpmgate.com/ee/65/ec/ee65eca2eefc160ddfb50c17d3e7081c.js
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.240.127.234 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 05:42:23 GMT
Server
nginx/1.21.6
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
truncated
/
500 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0bc8ca412c2757b04141fe0ceff1706842aa84596b18c889668718146c7778ea

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
280px-Flag_of_Germany.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/ba/Flag_of_Germany.svg/
335 B
1 KB
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/thumb/b/ba/Flag_of_Germany.svg/280px-Flag_of_Germany.svg.png
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
envoy /
Resource Hash
5377e93fb429f9caba8d759355743b4bb8a2623fc7fa6f2c1bfe39be435f8d80
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 05:42:24 GMT
strict-transport-security
max-age=106384710; includeSubDomains; preload
x-content-type-options
nosniff
nel
{ "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age
0
x-cache-status
hit-local
x-cache
cp3080 hit, cp3080 miss
content-disposition
inline;filename*=UTF-8''Flag_of_Germany.svg.png
server-timing
cache;desc="hit-local", host;desc="cp3080"
content-length
335
x-client-ip
2001:1b60:2:240:3247::3
last-modified
Tue, 23 Jan 2024 23:33:20 GMT
server
envoy
etag
afd507ed453df245f4414ff4e84a4b4d
report-to
{ "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges
bytes
timing-allow-origin
*
1200px-Flag_of_Ukraine.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/4/49/Flag_of_Ukraine.svg/
881 B
2 KB
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/thumb/4/49/Flag_of_Ukraine.svg/1200px-Flag_of_Ukraine.svg.png
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
ATS/9.1.4 /
Resource Hash
d6c2197e9418a306facbd646d545ef66044b4c623b5122ed3c8999ee94826d4c
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 17:07:08 GMT
strict-transport-security
max-age=106384710; includeSubDomains; preload
x-content-type-options
nosniff
nel
{ "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age
45315
x-cache-status
hit-front
x-cache
cp3080 hit, cp3080 hit/32
content-disposition
inline;filename*=UTF-8''Flag_of_Ukraine.svg.png
server-timing
cache;desc="hit-front", host;desc="cp3080"
content-length
881
x-client-ip
2001:1b60:2:240:3247::3
last-modified
Wed, 24 Jan 2024 07:14:15 GMT
server
ATS/9.1.4
etag
a6097cb395641b3e436e66eb9a2681b3
report-to
{ "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges
bytes
timing-allow-origin
*
ee65eca2eefc160ddfb50c17d3e7081c.js
pl23452395.highcpmgate.com/ee/65/ec/
0
0
Script
General
Full URL
https://pl23452395.highcpmgate.com/ee/65/ec/ee65eca2eefc160ddfb50c17d3e7081c.js
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.240.127.234 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 05:42:23 GMT
Server
nginx/1.21.6
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
default
www.blogger.com/feeds/4229037950591697167/pages/
7 KB
2 KB
Script
General
Full URL
https://www.blogger.com/feeds/4229037950591697167/pages/default?alt=json-in-script&callback=jQuery35107133723988853267_1717479744051&_=1717479744052
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1fec7848779846796d21ef59405de5189f1366a60a09bac4c23161811cbbe574
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2353
x-xss-protection
1; mode=block
last-modified
Sat, 01 Jun 2024 22:19:27 GMT
server
GSE
vary
Accept, X-GData-Authorization, GData-Version
x-frame-options
SAMEORIGIN
sunset
Mon, 30 Sep 2024 23:59:59 GMT
access-control-allow-origin
*
gdata-version
1.0
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=0, must-revalidate, no-transform
link
<https://developers.google.com/blogger/docs/2.0/developers_guide>;rel="sunset";type="text/html"
expires
Tue, 04 Jun 2024 05:42:24 GMT
default
www.blogger.com/feeds/4229037950591697167/pages/
7 KB
2 KB
Script
General
Full URL
https://www.blogger.com/feeds/4229037950591697167/pages/default?alt=json-in-script&callback=jQuery35107133723988853267_1717479744053&_=1717479744054
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f8681e4d8a137534e1de2788b854997190f59cdb03592b886d7d3d34e2adad70
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2353
x-xss-protection
1; mode=block
last-modified
Sat, 01 Jun 2024 22:19:27 GMT
server
GSE
vary
Accept, X-GData-Authorization, GData-Version
x-frame-options
SAMEORIGIN
sunset
Mon, 30 Sep 2024 23:59:59 GMT
access-control-allow-origin
*
gdata-version
1.0
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=0, must-revalidate, no-transform
link
<https://developers.google.com/blogger/docs/2.0/developers_guide>;rel="sunset";type="text/html"
expires
Tue, 04 Jun 2024 05:42:24 GMT
default
www.blogger.com/feeds/4229037950591697167/pages/
7 KB
2 KB
Script
General
Full URL
https://www.blogger.com/feeds/4229037950591697167/pages/default?alt=json-in-script&callback=jQuery35107133723988853267_1717479744055&_=1717479744056
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9cdf935a2ed86b30a831893e60e64adaa1ccf56893971566738c515714f99c9d
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2353
x-xss-protection
1; mode=block
last-modified
Sat, 01 Jun 2024 22:19:27 GMT
server
GSE
vary
Accept, X-GData-Authorization, GData-Version
x-frame-options
SAMEORIGIN
sunset
Mon, 30 Sep 2024 23:59:59 GMT
access-control-allow-origin
*
gdata-version
1.0
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=0, must-revalidate, no-transform
link
<https://developers.google.com/blogger/docs/2.0/developers_guide>;rel="sunset";type="text/html"
expires
Tue, 04 Jun 2024 05:42:24 GMT
default
www.blogger.com/feeds/4229037950591697167/pages/
7 KB
2 KB
Script
General
Full URL
https://www.blogger.com/feeds/4229037950591697167/pages/default?alt=json-in-script&callback=jQuery35107133723988853267_1717479744057&_=1717479744058
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0573a29ed69b858265c28c4ccee84349fe969d3cee5e0ac423bab7a55b6ada5b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2353
x-xss-protection
1; mode=block
last-modified
Sat, 01 Jun 2024 22:19:27 GMT
server
GSE
vary
Accept, X-GData-Authorization, GData-Version
x-frame-options
SAMEORIGIN
sunset
Mon, 30 Sep 2024 23:59:59 GMT
access-control-allow-origin
*
gdata-version
1.0
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=0, must-revalidate, no-transform
link
<https://developers.google.com/blogger/docs/2.0/developers_guide>;rel="sunset";type="text/html"
expires
Tue, 04 Jun 2024 05:42:24 GMT
default
www.blogger.com/feeds/4229037950591697167/pages/
7 KB
2 KB
Script
General
Full URL
https://www.blogger.com/feeds/4229037950591697167/pages/default?alt=json-in-script&callback=jQuery35107133723988853267_1717479744059&_=1717479744060
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
434d676461ab2bfe5d2f7464aa39fae9ff7d2d69db4c2ca7ccc6927b1da5d4f8
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2352
x-xss-protection
1; mode=block
last-modified
Sat, 01 Jun 2024 22:19:27 GMT
server
GSE
vary
Accept, X-GData-Authorization, GData-Version
x-frame-options
SAMEORIGIN
sunset
Mon, 30 Sep 2024 23:59:59 GMT
access-control-allow-origin
*
gdata-version
1.0
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=0, must-revalidate, no-transform
link
<https://developers.google.com/blogger/docs/2.0/developers_guide>;rel="sunset";type="text/html"
expires
Tue, 04 Jun 2024 05:42:24 GMT
default
www.blogger.com/feeds/4229037950591697167/pages/
7 KB
3 KB
Script
General
Full URL
https://www.blogger.com/feeds/4229037950591697167/pages/default?alt=json-in-script&callback=jQuery35107133723988853267_1717479744061&_=1717479744062
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ecb82b7e8ff6038cfaae60def4ed05993e698f6a41c13e9489af50f5ac5fe9eb
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2353
x-xss-protection
1; mode=block
last-modified
Sat, 01 Jun 2024 22:19:27 GMT
server
GSE
vary
Accept, X-GData-Authorization, GData-Version
x-frame-options
SAMEORIGIN
sunset
Mon, 30 Sep 2024 23:59:59 GMT
access-control-allow-origin
*
gdata-version
1.0
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=0, must-revalidate, no-transform
link
<https://developers.google.com/blogger/docs/2.0/developers_guide>;rel="sunset";type="text/html"
expires
Tue, 04 Jun 2024 05:42:24 GMT
css2
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Tajawal:wght@400;500;700;900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9e2b8e13b5576195ba4972845c2bbdfc544c1bf44cfde69a66f1a5fb646b7823
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 04 Jun 2024 05:32:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 04 Jun 2024 05:42:24 GMT
EchrahNet.svg
ik.imagekit.io/8zzltrsej/
6 KB
3 KB
Image
General
Full URL
https://ik.imagekit.io/8zzltrsej/EchrahNet.svg
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a400:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
08e68fca95aa738060ab1190dfbb7f50fd67eb42cdd962e7a3389ffbd20f4aea

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 09 Dec 2023 21:35:55 GMT
content-encoding
br
via
1.1 86f0f41c4d8083f2bfc3d1c3d9719bbc.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
age
15321989
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-request-id
85537d22-cbd4-4abf-8579-63b6371e06db
last-modified
Wed, 27 Sep 2023 17:13:21 GMT
etag
W/"5c700484a2262ac9d963ac25d73e4527"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server
ImageKit.io
timing-allow-origin
*
access-control-allow-headers
*
x-amz-cf-id
ORbqF8Q5WyVcQJOLDOVjw39S5QVDY4xNxzsND-a9NHdjcqCYpjq_6A==
css2
fonts.googleapis.com/
5 KB
0
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Tajawal:wght@400;500;700;900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9e2b8e13b5576195ba4972845c2bbdfc544c1bf44cfde69a66f1a5fb646b7823
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 05:42:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 04 Jun 2024 05:32:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 04 Jun 2024 05:42:24 GMT
EchrahNet.svg
ik.imagekit.io/8zzltrsej/
6 KB
0
Image
General
Full URL
https://ik.imagekit.io/8zzltrsej/EchrahNet.svg
Requested by
Host: www.yallasport.xyz
URL: https://www.yallasport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a400:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
08e68fca95aa738060ab1190dfbb7f50fd67eb42cdd962e7a3389ffbd20f4aea

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 09 Dec 2023 21:35:55 GMT
content-encoding
br
via
1.1 86f0f41c4d8083f2bfc3d1c3d9719bbc.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
age
15321989
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-request-id
85537d22-cbd4-4abf-8579-63b6371e06db
last-modified
Wed, 27 Sep 2023 17:13:21 GMT
etag
W/"5c700484a2262ac9d963ac25d73e4527"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server
ImageKit.io
timing-allow-origin
*
access-control-allow-headers
*
x-amz-cf-id
ORbqF8Q5WyVcQJOLDOVjw39S5QVDY4xNxzsND-a9NHdjcqCYpjq_6A==
280px-Flag_of_Germany.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/ba/Flag_of_Germany.svg/
335 B
0
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/thumb/b/ba/Flag_of_Germany.svg/280px-Flag_of_Germany.svg.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
envoy /
Resource Hash
5377e93fb429f9caba8d759355743b4bb8a2623fc7fa6f2c1bfe39be435f8d80
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 05:42:24 GMT
x-content-type-options
nosniff
nel
{ "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age
0
x-cache-status
hit-local
x-cache
cp3080 hit, cp3080 miss
content-disposition
inline;filename*=UTF-8''Flag_of_Germany.svg.png
server-timing
cache;desc="hit-local", host;desc="cp3080"
content-length
335
x-client-ip
2001:1b60:2:240:3247::3
last-modified
Tue, 23 Jan 2024 23:33:20 GMT
server
envoy
etag
afd507ed453df245f4414ff4e84a4b4d
report-to
{ "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges
bytes
timing-allow-origin
*
1200px-Flag_of_Ukraine.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/4/49/Flag_of_Ukraine.svg/
881 B
0
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/thumb/4/49/Flag_of_Ukraine.svg/1200px-Flag_of_Ukraine.svg.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
ATS/9.1.4 /
Resource Hash
d6c2197e9418a306facbd646d545ef66044b4c623b5122ed3c8999ee94826d4c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 17:07:08 GMT
x-content-type-options
nosniff
nel
{ "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age
45315
x-cache-status
hit-front
x-cache
cp3080 hit, cp3080 hit/32
content-disposition
inline;filename*=UTF-8''Flag_of_Ukraine.svg.png
server-timing
cache;desc="hit-front", host;desc="cp3080"
content-length
881
x-client-ip
2001:1b60:2:240:3247::3
last-modified
Wed, 24 Jan 2024 07:14:15 GMT
server
ATS/9.1.4
etag
a6097cb395641b3e436e66eb9a2681b3
report-to
{ "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges
bytes
timing-allow-origin
*
favicon.ico
www.yalla-shoot-goal.co/
0
0

favicon.ico
www.yallasport.xyz/
4 KB
539 B
Other
General
Full URL
https://www.yallasport.xyz/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.yallasport.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 05:42:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Jun 2024 06:27:13 GMT
server
GSE
etag
W/"24e822051d560b7dd03a08f6d2c336617f9a71db19f071473dcd93d695f9f0d2"
content-type
image/x-icon; charset=UTF-8
cache-control
private, max-age=86400
content-length
412
x-xss-protection
1; mode=block
expires
Tue, 04 Jun 2024 05:42:29 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.yalla-shoot-goal.co
URL
https://www.yalla-shoot-goal.co/favicon.ico

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| uri undefined| clean_uri object| adsbygoogle object| cookieChoices function| _0xf73d function| _0x3f0cab function| _0x37b47b function| _0x10863f function| _0x739a7d function| _0x1a2685 function| _0x4a37 function| _0x708018 function| _0x49058d function| _0x15cb function| _0x3fc846 function| _0x191159 function| _0x12db function| _0x8ca755 function| _0x8392a0 function| _0x4babe8 function| _0x177cd3 function| _0x4edc function| _0x34f2 function| _0x12931b function| $ function| jQuery object| _0xaf66 function| add_zero function| moment object| _0x8fba function| minToHours function| rdmode function| disableselect function| reEnable

0 Cookies

3 Console Messages

Source Level URL
Text
network error URL: https://pl23452395.highcpmgate.com/ee/65/ec/ee65eca2eefc160ddfb50c17d3e7081c.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://pl23452395.highcpmgate.com/ee/65/ec/ee65eca2eefc160ddfb50c17d3e7081c.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://pl23452395.highcpmgate.com/ee/65/ec/ee65eca2eefc160ddfb50c17d3e7081c.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.statically.io
fonts.googleapis.com
ik.imagekit.io
pl23452395.highcpmgate.com
upload.wikimedia.org
www.adsplus.pro
www.blogger.com
www.yalla-shoot-goal.co
www.yallasport.xyz
yallasport.xyz
www.yalla-shoot-goal.co
172.240.127.234
216.239.36.21
2600:9000:20ae:a400:15:c281:3500:93a1
2a00:1450:4001:812::200a
2a00:1450:4001:81d::2013
2a00:1450:4001:82f::2009
2a02:ec80:300:ed1a::2:b
2a04:4e42::347
95.216.243.203
0573a29ed69b858265c28c4ccee84349fe969d3cee5e0ac423bab7a55b6ada5b
08e68fca95aa738060ab1190dfbb7f50fd67eb42cdd962e7a3389ffbd20f4aea
0bc8ca412c2757b04141fe0ceff1706842aa84596b18c889668718146c7778ea
183a8a45d21c9e08f327306b313a677e14df544b7fbe005f832bae1ae0828f4a
18588f1581eeeebaef76be52d09261c5c1a886d1a02ede533adb62c334d122e6
1fec7848779846796d21ef59405de5189f1366a60a09bac4c23161811cbbe574
434d676461ab2bfe5d2f7464aa39fae9ff7d2d69db4c2ca7ccc6927b1da5d4f8
5377e93fb429f9caba8d759355743b4bb8a2623fc7fa6f2c1bfe39be435f8d80
6e5fe8221d8c619e027a1361385ed3dfad74b776ceefe6c7d8a9c495490bf9e1
725695280088b4a7f1f43936b2ff0ec321040d4921c1b782e97c74cc5c89e02f
9cdf935a2ed86b30a831893e60e64adaa1ccf56893971566738c515714f99c9d
9e2b8e13b5576195ba4972845c2bbdfc544c1bf44cfde69a66f1a5fb646b7823
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
ca8472d653819424ad94f0a5024ee9818d0166034ad5ea6eb0432ef364d6a992
d2c99d7ed47544dd5cea131180f2ad1936dc397606983d21610eb657ba41ea08
d6c2197e9418a306facbd646d545ef66044b4c623b5122ed3c8999ee94826d4c
ecb82b7e8ff6038cfaae60def4ed05993e698f6a41c13e9489af50f5ac5fe9eb
f8681e4d8a137534e1de2788b854997190f59cdb03592b886d7d3d34e2adad70