ta.bigolive.tv Open in urlscan Pro
169.136.136.106 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://goo.by/XKSWNG
Effective URL:
https://ta.bigolive.tv/spring_bigolive_activity/act2021/share39011/mm?code=6893554100&uid=2948801479&room=7015338174445...
Submission: On November 07 via manual (November 7th 2024, 6:34:14 pm UTC) from FR — Scanned from FR

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 17 IPs in 6 countries across 16 domains to perform 35 HTTP transactions. The main IP is 169.136.136.106, located in Hong Kong and belongs to NETSTAR-AS-AP NETSTAR SG PTE. LTD., SG. The main domain is ta.bigolive.tv. The Cisco Umbrella rank of the primary domain is 228135.
TLS certificate: Issued by GlobalSign GCC R6 AlphaSSL CA 2023 on June 3rd 2024. Valid for: a year.

This is the only time ta.bigolive.tv was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3030::6815:56e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
6 12	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	185.27.134.144 185.27.134.144	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::ac43:b9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	164.90.105.112 164.90.105.112	10122 (NETSTAR-A...) (NETSTAR-AS-AP NETSTAR SG PTE. LTD.)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
1	169.136.136.106 169.136.136.106	10122 (NETSTAR-A...) (NETSTAR-AS-AP NETSTAR SG PTE. LTD.)
35	17

2 2606:4700:3030::6815:56e9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

goo.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:6b8::1:119 (Moscow, Russian Federation) 6 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.27.134.144 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)

petitlion18.fwh.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:b9b (United States)

ASN13335 (CLOUDFLARENET, US)

acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 164.90.105.112 (Frankfurt am Main, Germany)

ASN10122 (NETSTAR-AS-AP NETSTAR SG PTE. LTD., SG)

gdl.bigolive.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

www.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.136.136.106 (Hong Kong)

ASN10122 (NETSTAR-AS-AP NETSTAR SG PTE. LTD., SG)

ta.bigolive.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 9307	3 KB
5	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643 www.google-analytics.com — Cisco Umbrella Rank: 34	22 KB
4	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 4610	76 KB
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136 googleads.g.doubleclick.net — Cisco Umbrella Rank: 42	555 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4401
3	fwh.is petitlion18.fwh.is	98 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	317 KB
2	bigolive.tv gdl.bigolive.tv — Cisco Umbrella Rank: 413423 ta.bigolive.tv — Cisco Umbrella Rank: 228135	341 KB
2	acsbapp.com acsbapp.com — Cisco Umbrella Rank: 3740 cdn.acsbapp.com — Cisco Umbrella Rank: 3977	116 KB
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116	197 KB
2	yandex.by 1 redirects mc.yandex.by — Cisco Umbrella Rank: 219832	771 B
2	goo.by 1 redirects goo.by	2 KB
1	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 233245 ep2.adtrafficquality.google Failed	13 KB
1	google.fr www.google.fr — Cisco Umbrella Rank: 23630	63 B
0	bigo.tv Failed www.bigo.tv Failed
0	Failed function sub() { [native code] }. Failed
35	16

	Domain	Requested by
6	mc.yandex.com	3 redirects goo.by mc.yandex.ru
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	mc.yandex.ru	2 redirects goo.by
3	region1.analytics.google.com	www.googletagmanager.com
3	petitlion18.fwh.is	goo.by petitlion18.fwh.is
3	www.googletagmanager.com	goo.by petitlion18.fwh.is www.googletagmanager.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	pagead2.googlesyndication.com	petitlion18.fwh.is pagead2.googlesyndication.com
2	mc.yandex.by	1 redirects goo.by
2	goo.by	1 redirects
1	ta.bigolive.tv	petitlion18.fwh.is
1	ep1.adtrafficquality.google	pagead2.googlesyndication.com
1	cdn.acsbapp.com	acsbapp.com
1	www.google.fr
1	stats.g.doubleclick.net	www.googletagmanager.com
1	gdl.bigolive.tv	petitlion18.fwh.is
1	acsbapp.com	petitlion18.fwh.is
1	region1.google-analytics.com	www.googletagmanager.com
0	www.bigo.tv Failed	ta.bigolive.tv
0	ep2.adtrafficquality.google Failed	pagead2.googlesyndication.com
0	livevideoshow Failed	petitlion18.fwh.is
35	21

This site contains no links.

Subject Issuer	Validity	Valid
goo.by WE1	`2024-11-05` - `2025-02-03`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2024-10-20` - `2025-04-01`	5 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
acsbapp.com WE1	`2024-10-16` - `2025-01-14`	3 months	crt.sh
*.google.fr WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
adtrafficquality.google WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.bigolive.tv GlobalSign GCC R6 AlphaSSL CA 2023	`2024-06-03` - `2025-07-05`	a year	crt.sh

This page contains 4 frames:

Frame: https://www.bigo.tv/petitlion18
Frame ID: 06C9BBDC6F17AB1DA3923BE57EA8770A
Requests: 32 HTTP requests in this frame

Frame: https://mc.yandex.com/metrika/metrika_match.html
Frame ID: 8BB880B19940922B06111F3B0EA7BE46
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20241031/r20190131/zrt_lookup_fy2021.html
Frame ID: 9E5892158DDA4B236423C2BEBE7F1E18
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9405175052842274&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1731004450&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiombap=1&aiopts=1&aief=1&dt=1731004450132&bpp=17&bdt=317&idt=513&shv=r20241031&mjsv=m202410310101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1927683463105&frm=20&pv=2&u_tz=60&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95346096%2C42531706%2C95343681%2C95344188%2C31088654%2C95345966&oid=2&pvsid=3575946358486898&tmod=235434613&uas=0&nvt=1&fsapi=1&ref=http%3A%2F%2Fpetitlion18.fwh.is%2F&fc=1920&brdim=170%2C170%2C170%2C170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=533
Frame ID: D7E431F7E486D81E4BD7CE274BACB7D5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BIGOLIVE

Page URL History Show full URLs

https://goo.by/XKSWNG HTTP 301
https://goo.by/redirect Page URL
http://petitlion18.fwh.is/ HTTP 307
https://petitlion18.fwh.is/ HTTP 307
http://petitlion18.fwh.is/ Page URL
http://petitlion18.fwh.is/?i=1 Page URL
https://ta.bigolive.tv/spring_bigolive_activity/act2021/share39011/mm?code=6893554100&uid=294880147... Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

35
Requests

71 %
HTTPS

50 %
IPv6

16
Domains

21
Subdomains

17
IPs

6
Countries

1184 kB
Transfer

2765 kB
Size

32
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://goo.by/XKSWNG HTTP 301
https://goo.by/redirect Page URL
http://petitlion18.fwh.is/ HTTP 307
https://petitlion18.fwh.is/ HTTP 307
http://petitlion18.fwh.is/ Page URL
http://petitlion18.fwh.is/?i=1 Page URL
https://ta.bigolive.tv/spring_bigolive_activity/act2021/share39011/mm?code=6893554100&uid=2948801479&room=7015338174445824037&actor=560092345&roomType=1&shareType= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://goo.by/XKSWNG HTTP 301
https://goo.by/redirect

Request Chain 4

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10546.Ua1BlCSEBMZum3UDxnW1SKOeeDK_MVGaW7_W9AzOutXOX9lKROoBGdv71CKl7iPe.RQLibR4iyyjpFN7qAaWyYsgejrY%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10546.PJNBOhe-JET5CtT6c1D4LEHEvWuNH5aHkUN6ESClb9UfjY3PjlQ63-3_dZUIyeCDoTdooX1DVy4-5FNVYGtSBEXi2R2_fDydGDQCkRWRAQ0xqRPiZf-pqfTkje53Q7iSVrTg4Y_7qDRbpVMiiLzaONa5Kps1YuxpOLfQEnZ0E2f1owNj64oaF9DQAnLtQrGEuicrZTtTSN8iidZVUbQwAIsbp17axM4ZFKcDKe0PSwk%2C.cdqwc68fB5k7523ZDyrQ9IFX_ak%2C HTTP 302
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10546.UVF1RkVpiG8mTBPYj_1GrOfvGz54nCq56Gld8Bj-xD8NIxcJscx4GygijZOEqK8Q_k-uCvOMN-x6H7lG5jfTFhXFGK1g-y3VfBQmu-67QbUh7nlgQQVNckx5_kQ-OaA2HoWtrClgvI0eKkG28-qLY4-P0sc74iWwSZa58b6bDihLfPDDFTq5c7QAnJqKyBybJBp4f55EACp1o3ZAz0TJDg%2C%2C.RgUNdkAy9408AwbgDYmvcmryjjA%2C

Request Chain 5

https://mc.yandex.by/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.by&token=10546.Z12L8b_rrrBOycmsUYRMc4OOsKUy1ah3aiUaQKGNZrmRf_9NVi9awTnD2c1OcAh0.Khbv2m4kgsZ2HwO5pwkXZGTwt_I%2C HTTP 302
https://mc.yandex.by/sync_cookie_image_decide?token=10546.3F-68KXMZtlmXA955KPxaB4iRniYZGCY4UUoBShtgmHrHfY0xQIIibl5__OaCK3dgie3GWY9-8hHNUQYsN-XczdghOt589802qKjzKbj9GcaYMAaCYVZ5aTcLpgi0GUSceRjrDVQybeHdzF_NY5AD0a9tALg84_rmgV6SFMAu2F6dJav4JX3Atgx9y2lPUtavrhQQ2ROyL0Fqu9VySifOKBV1Jk3PN57eY-jLYW0lvs%2C.dsVGJVFxTVlr3vpGk8hA3BVnYVU%2C

Request Chain 8

https://mc.yandex.com/watch/45619767?wmode=7&page-url=https%3A%2F%2Fgoo.by%2Fredirect&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Akcy5clq5tslki0xlqges4dlki57%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afr-FR%3Av%3A1502%3Acn%3A1%3Adp%3A0%3Als%3A1121656525988%3Ahid%3A800384532%3Az%3A60%3Ai%3A20241107193408%3Aet%3A1731004449%3Ac%3A1%3Arn%3A349911204%3Arqn%3A1%3Au%3A1731004449704943410%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C53%2C2%2C963%2C962%2C1%2C159%2C1%2C%2C%2C%2C1178%3Aco%3A0%3Acpf%3A1%3Ans%3A1731004447025%3Agi%3AR0ExLjEuNjkxOTIyNDMzLjE3MzEwMDQ0NDg%3D%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1731004449%3At%3AGoo.gl%20URL%20Shortener%3A%20Welcome%20to%20the%20Best%20Alternative%202025&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009092)ti(1) HTTP 302
https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2Fredirect&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Akcy5clq5tslki0xlqges4dlki57%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afr-FR%3Av%3A1502%3Acn%3A1%3Adp%3A0%3Als%3A1121656525988%3Ahid%3A800384532%3Az%3A60%3Ai%3A20241107193408%3Aet%3A1731004449%3Ac%3A1%3Arn%3A349911204%3Arqn%3A1%3Au%3A1731004449704943410%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C53%2C2%2C963%2C962%2C1%2C159%2C1%2C%2C%2C%2C1178%3Aco%3A0%3Acpf%3A1%3Ans%3A1731004447025%3Agi%3AR0ExLjEuNjkxOTIyNDMzLjE3MzEwMDQ0NDg%3D%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1731004449%3At%3AGoo.gl%20URL%20Shortener%3A%20Welcome%20to%20the%20Best%20Alternative%202025&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29

Request Chain 9

http://petitlion18.fwh.is/ HTTP 307
https://petitlion18.fwh.is/ HTTP 307
http://petitlion18.fwh.is/

35 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

redirect Show response
goo.by/
Redirect Chain

https://goo.by/XKSWNG
https://goo.by/redirect

3 KB
2 KB

55ms
54ms

Document
text/html

2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://goo.by/redirect

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ccd0bc23f4ec9cc41e090f66480185faeb808fd14953a88a3c9f138f574f86e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8def6a67ffb1d141-CDG
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Thu, 07 Nov 2024 18:34:08 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M8DaF4kXY4CuMKoYvawnp2JwO8DYgJ%2BCDaocNIACf1gFZcLoenduhjEVbkMNBtlaykugGTwR5ke2TS3K%2BqGgNez1wwsN7tGrKZ6YXEmnKUnWvK9ScZzdCh%2Bn52MNA8MJmaIeUsA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=19477&sent=10&recv=15&lost=0&retrans=0&sent_bytes=4794&recv_bytes=2443&delivery_rate=195419&cwnd=255&unsent_bytes=0&cid=42c38fd2ad00682e&ts=961&x=0"
strict-transport-security: max-age=31536000

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8def6a625c02d141-CDG
content-type: text/html; charset=UTF-8
date: Thu, 07 Nov 2024 18:34:07 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: /redirect
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqRrkAOebTb9BdCgJwlZGCHrvcyEjaeHyceEOchPsu0wdwj2KMBEvxufRhgDW3u86nKbDseHh5WXnun16EDNqlZK%2FhMvUHCKthhbR6QHR%2FmorvD%2BMg5UgV1DFtUAGUEAwXlbFsw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=19578&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3980&recv_bytes=2343&delivery_rate=195419&cwnd=253&unsent_bytes=0&cid=42c38fd2ad00682e&ts=905&x=0"
strict-transport-security: max-age=31536000
x-robots-tag: noindex

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 324 KB
108 KB 206ms
117ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YM89WYEN8N

Requested by

Host: goo.by
URL: https://goo.by/redirect

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cd6e11b3d56d74de6bc82a2f359e411ee51e5deb5c50e2dbd7b8813532bd67eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://goo.by/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 07 Nov 2024 18:34:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109634
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 220 KB
76 KB 416ms
155ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: goo.by
URL: https://goo.by/redirect

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

d29de1609682964244bc8dc4064ca380ee33d2a5854f06cf4bc64763c2778c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://goo.by/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=3600
timing-allow-origin: *
content-encoding: br
etag: "672b9036-129f3"
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires: Thu, 07 Nov 2024 19:34:08 GMT
access-control-allow-origin: *
content-length: 76275
date: Thu, 07 Nov 2024 18:34:08 GMT
content-type: application/javascript
last-modified: Wed, 06 Nov 2024 15:50:14 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 78ms
25ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-YM89WYEN8N&gtm=45je4au0v9184014960za200&_p=1731004448202&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&cid=691922433.1731004448&ul=fr-fr&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1731004448&sct=1&seg=0&dl=https%3A%2F%2Fgoo.by%2Fredirect&dt=Goo.gl%20URL%20Shortener%3A%20Welcome%20to%20the%20Best%20Alternative%202025&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1416
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YM89WYEN8N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://goo.by/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://goo.by
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:08 GMT
content-type: text/plain
server: Golfe2

GET
H2

400

sync_cookie_image_finish
mc.yandex.ru/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10546.Ua1BlCSEBMZum3UDxnW1SKOeeDK_MVGaW7_W9AzOutXOX9lKROoBGdv71CKl7iPe.RQLibR4iyyjpFN7qAaWyYsgejrY%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10546.PJNBOhe-JET5CtT6c1D4LEHEvWuNH5aHkUN6ESClb9UfjY3PjlQ63-3_dZUIyeCDoTdooX1DVy4-5FNVYGtSBEXi2R2_fDydGDQCkRWRAQ0xqRPiZf-pqfTkje53Q7iSVrTg4Y_7qD...
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10546.UVF1RkVpiG8mTBPYj_1GrOfvGz54nCq56Gld8Bj-xD8NIxcJscx4GygijZOEqK8Q_k-uCvOMN-x6H7lG5jfTFhXFGK1g-y3VfBQmu-67QbUh7...

62 B
62 B

80ms
78ms

Image
text/html

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10546.UVF1RkVpiG8mTBPYj_1GrOfvGz54nCq56Gld8Bj-xD8NIxcJscx4GygijZOEqK8Q_k-uCvOMN-x6H7lG5jfTFhXFGK1g-y3VfBQmu-67QbUh7nlgQQVNckx5_kQ-OaA2HoWtrClgvI0eKkG28-qLY4-P0sc74iWwSZa58b6bDihLfPDDFTq5c7QAnJqKyBybJBp4f55EACp1o3ZAz0TJDg%2C%2C.RgUNdkAy9408AwbgDYmvcmryjjA%2C

Requested by

Host: goo.by
URL: https://goo.by/redirect

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

ee2f91e85185c10fb4e2511b377b30b0df780f841cfc89c132d1f1b16c158437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://goo.by/

Response headers

strict-transport-security: max-age=31536000
content-length: 62
date: Thu, 07 Nov 2024 18:34:09 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

strict-transport-security: max-age=31536000
location: https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10546.UVF1RkVpiG8mTBPYj_1GrOfvGz54nCq56Gld8Bj-xD8NIxcJscx4GygijZOEqK8Q_k-uCvOMN-x6H7lG5jfTFhXFGK1g-y3VfBQmu-67QbUh7nlgQQVNckx5_kQ-OaA2HoWtrClgvI0eKkG28-qLY4-P0sc74iWwSZa58b6bDihLfPDDFTq5c7QAnJqKyBybJBp4f55EACp1o3ZAz0TJDg%2C%2C.RgUNdkAy9408AwbgDYmvcmryjjA%2C
date: Thu, 07 Nov 2024 18:34:08 GMT
x-xss-protection: 1; mode=block

GET
H2

200

sync_cookie_image_decide
mc.yandex.by/
Redirect Chain

https://mc.yandex.by/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.by&token=10546.Z12L8b_rrrBOycmsUYRMc4OOsKUy1ah3aiUaQKGNZrmRf_9NVi9awTnD2c1OcAh0.Khbv2m4kgsZ2HwO5pwkXZGTwt_I%2C
https://mc.yandex.by/sync_cookie_image_decide?token=10546.3F-68KXMZtlmXA955KPxaB4iRniYZGCY4UUoBShtgmHrHfY0xQIIibl5__OaCK3dgie3GWY9-8hHNUQYsN-XczdghOt589802qKjzKbj9GcaYMAaCYVZ5aTcLpgi0GUSceRjrDVQybe...

43 B
514 B

80ms
80ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.by/sync_cookie_image_decide?token=10546.3F-68KXMZtlmXA955KPxaB4iRniYZGCY4UUoBShtgmHrHfY0xQIIibl5__OaCK3dgie3GWY9-8hHNUQYsN-XczdghOt589802qKjzKbj9GcaYMAaCYVZ5aTcLpgi0GUSceRjrDVQybeHdzF_NY5AD0a9tALg84_rmgV6SFMAu2F6dJav4JX3Atgx9y2lPUtavrhQQ2ROyL0Fqu9VySifOKBV1Jk3PN57eY-jLYW0lvs%2C.dsVGJVFxTVlr3vpGk8hA3BVnYVU%2C

Requested by

Host: goo.by
URL: https://goo.by/redirect

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://goo.by/

Response headers

strict-transport-security: max-age=31536000
content-length: 43
date: Thu, 07 Nov 2024 18:34:08 GMT
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000
location: https://mc.yandex.by/sync_cookie_image_decide?token=10546.3F-68KXMZtlmXA955KPxaB4iRniYZGCY4UUoBShtgmHrHfY0xQIIibl5__OaCK3dgie3GWY9-8hHNUQYsN-XczdghOt589802qKjzKbj9GcaYMAaCYVZ5aTcLpgi0GUSceRjrDVQybeHdzF_NY5AD0a9tALg84_rmgV6SFMAu2F6dJav4JX3Atgx9y2lPUtavrhQQ2ROyL0Fqu9VySifOKBV1Jk3PN57eY-jLYW0lvs%2C.dsVGJVFxTVlr3vpGk8hA3BVnYVU%2C
x-xss-protection: 1; mode=block
date: Thu, 07 Nov 2024 18:34:08 GMT

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
575 B 99ms
95ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: goo.by
URL: https://goo.by/redirect

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://goo.by/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=3600
timing-allow-origin: *
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "672b9036-2b"
expires: Thu, 07 Nov 2024 19:34:08 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Thu, 07 Nov 2024 18:34:08 GMT
content-type: image/gif
last-modified: Wed, 06 Nov 2024 15:50:14 GMT

GET
H2 200 metrika_match.html
mc.yandex.com/metrika/ Frame 8BB8 0
0 261ms
89ms Document
text/html 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/metrika/metrika_match.html

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin: *
cache-control: max-age=3600
content-encoding: br
content-length: 1446
content-type: text/html
date: Thu, 07 Nov 2024 18:34:09 GMT
etag: "672b9036-5a6"
expires: Thu, 07 Nov 2024 19:34:09 GMT
last-modified: Wed, 06 Nov 2024 15:50:14 GMT
strict-transport-security: max-age=31536000
timing-allow-origin: *

GET
H2

200

1
mc.yandex.com/watch/45619767/
Redirect Chain

https://mc.yandex.com/watch/45619767?wmode=7&page-url=https%3A%2F%2Fgoo.by%2Fredirect&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Akcy5clq5tslki0xlqges4dlki57%3Afu%3A0%3Aen%3Autf-8%3Ala%...
https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2Fredirect&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Akcy5clq5tslki0xlqges4dlki57%3Afu%3A0%3Aen%3Autf-8%3Al...

616 B
785 B

84ms
82ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2Fredirect&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Akcy5clq5tslki0xlqges4dlki57%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afr-FR%3Av%3A1502%3Acn%3A1%3Adp%3A0%3Als%3A1121656525988%3Ahid%3A800384532%3Az%3A60%3Ai%3A20241107193408%3Aet%3A1731004449%3Ac%3A1%3Arn%3A349911204%3Arqn%3A1%3Au%3A1731004449704943410%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C53%2C2%2C963%2C962%2C1%2C159%2C1%2C%2C%2C%2C1178%3Aco%3A0%3Acpf%3A1%3Ans%3A1731004447025%3Agi%3AR0ExLjEuNjkxOTIyNDMzLjE3MzEwMDQ0NDg%3D%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1731004449%3At%3AGoo.gl%20URL%20Shortener%3A%20Welcome%20to%20the%20Best%20Alternative%202025&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29

Requested by

Host: goo.by
URL: https://goo.by/redirect

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://goo.by/

Response headers

strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Thu, 07-Nov-2024 18:34:09 GMT
access-control-allow-origin: https://goo.by
content-length: 616
x-xss-protection: 1; mode=block
date: Thu, 07 Nov 2024 18:34:09 GMT
content-type: application/json; charset=utf-8
last-modified: Thu, 07-Nov-2024 18:34:09 GMT

Redirect headers

strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
location: /watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2Fredirect&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Akcy5clq5tslki0xlqges4dlki57%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afr-FR%3Av%3A1502%3Acn%3A1%3Adp%3A0%3Als%3A1121656525988%3Ahid%3A800384532%3Az%3A60%3Ai%3A20241107193408%3Aet%3A1731004449%3Ac%3A1%3Arn%3A349911204%3Arqn%3A1%3Au%3A1731004449704943410%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C53%2C2%2C963%2C962%2C1%2C159%2C1%2C%2C%2C%2C1178%3Aco%3A0%3Acpf%3A1%3Ans%3A1731004447025%3Agi%3AR0ExLjEuNjkxOTIyNDMzLjE3MzEwMDQ0NDg%3D%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1731004449%3At%3AGoo.gl%20URL%20Shortener%3A%20Welcome%20to%20the%20Best%20Alternative%202025&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
pragma: no-cache
access-control-allow-credentials: true
expires: Thu, 07-Nov-2024 18:34:09 GMT
access-control-allow-origin: https://goo.by
x-xss-protection: 1; mode=block
date: Thu, 07 Nov 2024 18:34:09 GMT
last-modified: Thu, 07-Nov-2024 18:34:09 GMT

GET
H/1.1

200
OK

/
petitlion18.fwh.is/
Redirect Chain

http://petitlion18.fwh.is/
https://petitlion18.fwh.is/
http://petitlion18.fwh.is/

829 B
1 KB

36ms
34ms

Document
text/html

185.27.134.144
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://petitlion18.fwh.is/
Requested by: Host: goo.by
URL: https://goo.by/redirect
Protocol: HTTP/1.1
Server: 185.27.134.144 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://goo.by/redirect
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache
Connection: keep-alive
Content-Length: 829
Content-Type: text/html
Date: Thu, 07 Nov 2024 18:34:09 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: nginx

Redirect headers

Location: http://petitlion18.fwh.is/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK aes.js
petitlion18.fwh.is/ 13 KB
14 KB 39ms
38ms Script
application/javascript 185.27.134.144
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://petitlion18.fwh.is/aes.js
Requested by: Host: petitlion18.fwh.is
URL: http://petitlion18.fwh.is/
Protocol: HTTP/1.1
Server: 185.27.134.144 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

ETag: "652c2b73-35a5"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13733
Date: Thu, 07 Nov 2024 18:34:09 GMT
Content-Type: application/javascript
Last-Modified: Sun, 15 Oct 2023 18:12:03 GMT
Server: nginx

GET
H/1.1 200
OK / Show response
petitlion18.fwh.is/ 83 KB
84 KB 84ms
78ms Document
text/html 185.27.134.144
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://petitlion18.fwh.is/?i=1
Requested by: Host: petitlion18.fwh.is
URL: http://petitlion18.fwh.is/
Protocol: HTTP/1.1
Server: 185.27.134.144 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software: nginx /
Resource Hash: ee3d29efafa268c317b8c99bf30be25f8db21a80ccc0f161a5ae26869b98ea6e

Request headers

Referer: http://petitlion18.fwh.is/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control: max-age=0
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 07 Nov 2024 18:34:09 GMT
Expires: Thu, 07 Nov 2024 18:34:09 GMT
Server: nginx
Transfer-Encoding: chunked

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 158 KB
53 KB 125ms
55ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9405175052842274

Requested by

Host: petitlion18.fwh.is
URL: http://petitlion18.fwh.is/?i=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

ba8ffe935c13e3992d9f625fa17e40e257aad808a23e14933aa49d446acdbe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: http://petitlion18.fwh.is
Referer: http://petitlion18.fwh.is/

Response headers

content-encoding: br
etag: 18155038387180558126
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 18:34:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 07 Nov 2024 18:34:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53861
x-xss-protection: 0
server: cafe

GET
H2 200 app.js Show response
acsbapp.com/apps/app/dist/js/ 380 KB
115 KB 266ms
147ms Script
application/javascript 2606:4700:10::ac43:b9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acsbapp.com/apps/app/dist/js/app.js
Requested by: Host: petitlion18.fwh.is
URL: http://petitlion18.fwh.is/?i=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:b9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c3094596e54b1fc061a15eea50be0ece483c199e5c7728ba24d534dcdf93a4a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

x-goog-metageneration: 3
access-control-expose-headers: *
x-goog-hash: crc32c=UFfPkQ==, md5=G8dxHFsInpMunGDC4OEp2Q==
cf-cache-status: REVALIDATED
etag: W/"1bc7711c5b089e932e9c60c2e0e129d9"
content-encoding: br
x-goog-stored-content-encoding: identity
expires: Fri, 07 Nov 2025 18:34:10 GMT
x-goog-stored-content-length: 389507
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 06 Nov 2024 16:45:17 GMT
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY3PFUmyfc3uN1l0wRQh3mds70JpTMeNXiwqpYXLEDszNWP-jfFyh36KpebiHU7gfM9SGbM
cache-control: public, max-age=300, must-revalidate
x-goog-storage-class: STANDARD
cf-ray: 8def6a745a620401-CDG
access-control-allow-origin: *
x-goog-generation: 1730911517857344
server: cloudflare

GET
H/1.1 200
OK GQAwAFzU5jCEf7_3AAAAAAES-xQ990.png
gdl.bigolive.tv/cn/design-works/cng4/M0C/DD/08/ 5 KB
6 KB 127ms
51ms Image
image/png 164.90.105.112
NETSTAR-AS-AP NET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://gdl.bigolive.tv/cn/design-works/cng4/M0C/DD/08/GQAwAFzU5jCEf7_3AAAAAAES-xQ990.png
Requested by: Host: petitlion18.fwh.is
URL: http://petitlion18.fwh.is/?i=1
Protocol: HTTP/1.1
Server: 164.90.105.112 Frankfurt am Main, Germany, ASN10122 (NETSTAR-AS-AP NETSTAR SG PTE. LTD., SG),
Reverse DNS
Software: openresty /
Resource Hash: a076f88adc8b4756db770c0ee262c9f2dbc53527a1ee03c959645bb97212a921

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

Cache-Control: max-age=315360000
ETag: "cc51caa5e914848f6914c07d0293348c"
Age: 3337033
X-B-CH: 12
Connection: keep-alive
Access-Control-Allow-Methods: GET
x-amz-request-id: tx0000000000000013d02fd-0066fa1cd8-789ca0-default
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 5584
Keep-Alive: timeout=180
Date: Thu, 07 Nov 2024 18:34:09 GMT
Content-Type: image/png
Last-Modified: Tue, 07 Jun 2022 11:14:00 GMT
Server: openresty

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 409 KB
131 KB 139ms
58ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GZZDWRLKFR

Requested by

Host: petitlion18.fwh.is
URL: http://petitlion18.fwh.is/?i=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

34c81a337837de6b4045411ecbe8f9f9763e3359f02d254e749de4de98f37304

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 07 Nov 2024 18:34:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 133792
x-xss-protection: 0
server: Google Tag Manager

GET bigolive://livevideoshow?roomid=7015338174445824037&uid=560092345&visitor=1
bigolive://livevideoshow?roomid=7015338174445824037&uid=560092345&visitor=1 0
0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410310101/ 434 KB
144 KB 124ms
122ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9405175052842274&plah=petitlion18.fwh.is&bust=31088654

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9405175052842274

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

ad5dd4ee4e66c1558a0bd43c0ba14d8a6a9867aa211afb2797ac0d379fd58b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

content-encoding: br
etag: 816358350713551375
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 18:34:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147825
x-xss-protection: 0
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
78 KB 45ms
44ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-167434529-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GZZDWRLKFR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

95c84b4b5230f8cfb1f953e36e8914f462925743c10feaf6f87a889b8140fa87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 07 Nov 2024 18:34:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 79592
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 90ms
31ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-GZZDWRLKFR&gtm=45je4au0v869472301za200&_p=1731004449910&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&cid=759062183.1731004450&ul=fr-fr&sr=1600x1200&are=1&frm=0&pscdl=noapi&_s=1&sid=1731004450&sct=1&seg=0&dl=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&dr=http%3A%2F%2Fpetitlion18.fwh.is%2F&dt=%F0%9F%A7%A0%F0%9D%90%BF%F0%9D%92%BE%F0%9D%91%9C%F0%9D%93%83%20%F0%9F%A6%81%F0%9F%A4%AF%20%7C%20BIGO%20LIVE&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=607
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GZZDWRLKFR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: http://petitlion18.fwh.is
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
555 B 85ms
26ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GZZDWRLKFR&cid=759062183.1731004450&gtm=45je4au0v869472301za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101823848~101925629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GZZDWRLKFR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: http://petitlion18.fwh.is
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.fr/ads/ 42 B
63 B 101ms
62ms Image
image/gif 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GZZDWRLKFR&cid=759062183.1731004450&gtm=45je4au0v869472301za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101823848~101925629&tag_exp=101823848~101925629&z=1274301659

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 07 Nov 2024 18:34:10 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 config.json
cdn.acsbapp.com/config/petitlion18.fwh.is/ 153 B
707 B 2210ms
2148ms Fetch
application/json 2606:4700:10::6816:cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acsbapp.com/config/petitlion18.fwh.is/config.json?page=%2F%3Fi%3D1
Requested by: Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=Es6TAg==, md5=//q/4sS0Efu4k+HqyR1c/g==
cf-cache-status: REVALIDATED
etag: W/"fffabfe2c4b411fbb893e1eac91d5cfe"
content-encoding: br
x-goog-stored-content-encoding: identity
expires: Fri, 07 Nov 2025 18:34:10 GMT
x-goog-stored-content-length: 153
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: application/json
last-modified: Wed, 06 Nov 2024 07:48:50 GMT
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY2qr5MPjG91rUB0V-OsISR5alMhSInfoWrWTbVFf6LhIBSp2M9kYIclSqxVQgPwgWiYOfHpWu-fXw
cache-control: public, max-age=300, must-revalidate
x-goog-storage-class: STANDARD
cf-ray: 8def6a788b21d093-CDG
access-control-allow-origin: *
x-goog-generation: 1730879330736898
server: cloudflare

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 26ms
25ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-GZZDWRLKFR&gtm=45je4au0v869472301za200&_p=1731004449910&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&cid=759062183.1731004450&ul=fr-fr&sr=1600x1200&are=1&frm=0&pscdl=noapi&_s=2&sid=1731004450&sct=1&seg=0&dl=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&dr=http%3A%2F%2Fpetitlion18.fwh.is%2F&dt=%F0%9F%A7%A0%F0%9D%90%BF%F0%9D%92%BE%F0%9D%91%9C%F0%9D%93%83%20%F0%9F%A6%81%F0%9F%A4%AF%20%7C%20BIGO%20LIVE&en=redirect_attempt&_ee=1&ep.event_category=Redirection&ep.event_label=Attempt%20to%20Open%20App&ep.value=Deep%20Link&_et=18&tfd=892
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GZZDWRLKFR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: http://petitlion18.fwh.is
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:10 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 108ms
40ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-167434529-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

content-encoding: gzip
age: 4075
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 19:26:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 17:26:15 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20241031/r20190131/ Frame 9E58 0
0 88ms
33ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20241031/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9405175052842274&plah=petitlion18.fwh.is&bust=31088654

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://petitlion18.fwh.is/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 723
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4124
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Nov 2024 18:22:07 GMT
etag: 7893594074132303741
expires: Thu, 21 Nov 2024 18:22:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
googleads.g.doubleclick.net/pagead/ Frame D7E4 0
0 104ms
61ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9405175052842274&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1731004450&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiombap=1&aiopts=1&aief=1&dt=1731004450132&bpp=17&bdt=317&idt=513&shv=r20241031&mjsv=m202410310101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1927683463105&frm=20&pv=2&u_tz=60&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95346096%2C42531706%2C95343681%2C95344188%2C31088654%2C95345966&oid=2&pvsid=3575946358486898&tmod=235434613&uas=0&nvt=1&fsapi=1&ref=http%3A%2F%2Fpetitlion18.fwh.is%2F&fc=1920&brdim=170%2C170%2C170%2C170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=533

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://petitlion18.fwh.is/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Nov 2024 18:34:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 99ms
54ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241031&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

bfa39132251d437baddd6f0612072a0f39eecfc4e99150b61239a14167fa9f11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13361
date: Thu, 07 Nov 2024 18:34:10 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

POST
H2 200 collect
www.google-analytics.com/j/ 1 B
358 B 2013ms
2011ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=16865246&t=pageview&_s=1&dl=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&ul=fr-fr&de=UTF-8&dt=%F0%9F%A7%A0%F0%9D%90%BF%F0%9D%92%BE%F0%9D%91%9C%F0%9D%93%83%20%F0%9F%A6%81%F0%9F%A4%AF%20%7C%20BIGO%20LIVE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1267863965&gjid=1068123370&cid=759062183.1731004450&tid=UA-167434529-1&_gid=80872982.1731004451&_r=1&gtm=457e4au0z8869472301za200zb869472301&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&jsscut=1&npa=1&z=1166367636

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: http://petitlion18.fwh.is/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:10 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: http://petitlion18.fwh.is
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H2 200 collect
www.google-analytics.com/ 35 B
407 B 2013ms
2012ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=16865246&t=event&_s=2&dl=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&ul=fr-fr&de=UTF-8&dt=%F0%9F%A7%A0%F0%9D%90%BF%F0%9D%92%BE%F0%9D%91%9C%F0%9D%93%83%20%F0%9F%A6%81%F0%9F%A4%AF%20%7C%20BIGO%20LIVE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Redirection&ea=redirect_attempt&el=Attempt%20to%20Open%20App&ev=0&_u=YADAAUABAAAAACAAI~&jid=&gjid=&cid=759062183.1731004450&tid=UA-167434529-1&_gid=80872982.1731004451&gtm=457e4au0za200zb869472301&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&jsscut=1&npa=1&z=1205909497

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

age: 7125
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 16:35:25 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET sodar2.js
ep2.adtrafficquality.google/sodar/ 0
0

POST
H3 204 collect
region1.analytics.google.com/g/ 0
0 817ms
817ms Fetch
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-GZZDWRLKFR&gtm=45je4au0v869472301za200&_p=1731004449910&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&cid=759062183.1731004450&ul=fr-fr&sr=1600x1200&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=3&sid=1731004450&sct=1&seg=0&dl=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&dr=http%3A%2F%2Fpetitlion18.fwh.is%2F&dt=%F0%9F%A7%A0%F0%9D%90%BF%F0%9D%92%BE%F0%9D%91%9C%F0%9D%93%83%20%F0%9F%A6%81%F0%9F%A4%AF%20%7C%20BIGO%20LIVE&en=scroll&epn.percent_scrolled=90&_et=228&tfd=2372
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GZZDWRLKFR
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: http://petitlion18.fwh.is
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 18:34:12 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 Primary Request mm Show response
ta.bigolive.tv/spring_bigolive_activity/act2021/share39011/ 446 KB
335 KB 878ms
40ms Document
text/html 169.136.136.106
NETSTAR-AS-AP NET...

General

Check archive.org

Show headers Download Go to

Full URL

https://ta.bigolive.tv/spring_bigolive_activity/act2021/share39011/mm?code=6893554100&uid=2948801479&room=7015338174445824037&actor=560092345&roomType=1&shareType=

Requested by

Host: petitlion18.fwh.is
URL: http://petitlion18.fwh.is/?i=1

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

169.136.136.106 , Hong Kong, ASN10122 (NETSTAR-AS-AP NETSTAR SG PTE. LTD., SG),

Reverse DNS

Software

nginx /

Resource Hash

ebf2cf50d5a0ccea5c50b9b5746625c439dd6b5de4fd1e08140675ff053afd8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768001

Request headers

Referer: http://petitlion18.fwh.is/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
access-control-expose-headers: *
content-encoding: br
content-language: fr-FR
content-type: text/html;charset=UTF-8
date: Thu, 07 Nov 2024 18:34:12 GMT
server: nginx
strict-transport-security: max-age=15768001
vary: Origin
via: kong/2.2.2
x-kong-proxy-latency: 0
x-kong-upstream-latency: 8

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 824ms
824ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=16865246&t=event&_s=3&dl=http%3A%2F%2Fpetitlion18.fwh.is%2F%3Fi%3D1&ul=fr-fr&de=UTF-8&dt=%F0%9F%A7%A0%F0%9D%90%BF%F0%9D%92%BE%F0%9D%91%9C%F0%9D%93%83%20%F0%9F%A6%81%F0%9F%A4%AF%20%7C%20BIGO%20LIVE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Redirection%20Error&ea=redirect_fail&el=Fallback%20to%20Web%20Link&ev=0&_u=aADAAUABAAAAACAAI~&jid=&gjid=&cid=759062183.1731004450&tid=UA-167434529-1&_gid=80872982.1731004451&gtm=457e4au0za200zb869472301&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&jsscut=1&npa=1&z=280848793

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://petitlion18.fwh.is/

Response headers

age: 7127
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 16:35:25 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET petitlion18
www.bigo.tv/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: livevideoshow
URL: bigolive://livevideoshow?roomid=7015338174445824037&uid=560092345&visitor=1

Domain: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Domain: www.bigo.tv
URL: https://www.bigo.tv/petitlion18

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
goo.by/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6g2uar4o36tdr07rveh7j2hft6
goo.by/	1970-01-21 00:50:05	Name: short_926088 Value: 1
.goo.by/	1970-01-21 10:26:04	Name: _ga Value: GA1.1.691922433.1731004448
.yandex.ru/	1970-01-21 10:26:04	Name: i Value: fUXvpOXGJGYOkc93Fvs5q66+gp1SkUBsUGKn8Uw7t2jEdcfHL9ZBoD+d0dMFrPxHrWTI0wBYVi+trUvl+X5cg4IPUDc=
.yandex.ru/	1970-01-21 10:26:04	Name: yandexuid Value: 4174773791731004448
.yandex.ru/	1970-01-21 09:35:40	Name: yashr Value: 193047331731004448
.goo.by/	1970-01-21 09:35:40	Name: _ym_uid Value: 1731004449704943410
.goo.by/	1970-01-21 09:35:40	Name: _ym_d Value: 1731004449
.mc.yandex.com/	1970-01-21 00:50:05	Name: sync_cookie_csrf Value: 1704867145fake
.mc.yandex.by/	1970-01-21 00:50:05	Name: sync_cookie_csrf Value: 487767976fake
.yandex.com/	1970-01-21 10:26:04	Name: i Value: qD+VQUCoDe7+k4c+uMZQm5QBHHdy7Grb6XVis3JqlXaTklviBDi5PzXzAw5g7VpBKNB7AoWGe090wZiABejxkAemQHY=
.yandex.com/	1970-01-21 09:35:40	Name: yandexuid Value: 5558838961731004448
.yandex.com/	1970-01-21 09:35:40	Name: yashr Value: 6046661331731004448
.goo.by/	1970-01-21 00:51:16	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-21 00:50:05	Name: sync_cookie_csrf Value: 1728511045fake
.yandex.by/	1970-01-21 10:26:04	Name: yandexuid Value: 4174773791731004448
.yandex.by/	1970-01-21 10:26:04	Name: yuidss Value: 4174773791731004448
.yandex.by/	1970-01-21 10:26:04	Name: i Value: fUXvpOXGJGYOkc93Fvs5q66+gp1SkUBsUGKn8Uw7t2jEdcfHL9ZBoD+d0dMFrPxHrWTI0wBYVi+trUvl+X5cg4IPUDc=
.mc.yandex.by/	1970-01-21 00:51:30	Name: sync_cookie_ok Value: synced
.mc.yandex.com/	1970-01-21 00:51:30	Name: sync_cookie_ok Value: synced
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 912759331731004449
.yandex.com/	1970-01-21 09:35:40	Name: yuidss Value: 5558838961731004448
.yandex.com/	1970-01-21 09:35:40	Name: ymex Value: 1762540449.yrts.1731004449
.yandex.com/	1970-01-21 09:35:40	Name: receive-cookie-deprecation Value: 1
.yandex.com/	1970-01-21 10:26:04	Name: bh Value: KgI/MGChkLS5Bg==
.goo.by/	1970-01-21 00:50:06	Name: _ym_visorc Value: w
.goo.by/	1970-01-21 10:26:04	Name: _ga_YM89WYEN8N Value: GS1.1.1731004448.1.0.1731004449.0.0.0
petitlion18.fwh.is/	1970-01-21 10:26:04	Name: __test Value: 3e0423ae48a0d8392f477ca81e62e4ba
.fwh.is/	1970-01-21 10:26:04	Name: _ga Value: GA1.2.759062183.1731004450
.fwh.is/	1970-01-21 00:51:30	Name: _gid Value: GA1.2.80872982.1731004451
.fwh.is/	1970-01-21 00:50:04	Name: _gat_gtag_UA_167434529_1 Value: 1
.fwh.is/	1970-01-21 10:26:04	Name: _ga_GZZDWRLKFR Value: GS1.1.1731004450.1.0.1731004452.58.0.0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10546.UVF1RkVpiG8mTBPYj_1GrOfvGz54nCq56Gld8Bj-xD8NIxcJscx4GygijZOEqK8Q_k-uCvOMN-x6H7lG5jfTFhXFGK1g-y3VfBQmu-67QbUh7nlgQQVNckx5_kQ-OaA2HoWtrClgvI0eKkG28-qLY4-P0sc74iWwSZa58b6bDihLfPDDFTq5c7QAnJqKyBybJBp4f55EACp1o3ZAz0TJDg%2C%2C.RgUNdkAy9408AwbgDYmvcmryjjA%2C Message: Failed to load resource: the server responded with a status of 400 ()
other	error	URL: http://petitlion18.fwh.is/?i=1 Message: Not allowed to launch 'bigolive://livevideoshow?roomid=7015338174445824037&uid=560092345&visitor=1' because a user gesture is required.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acsbapp.com
cdn.acsbapp.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
gdl.bigolive.tv
goo.by
googleads.g.doubleclick.net
livevideoshow
mc.yandex.by
mc.yandex.com
mc.yandex.ru
pagead2.googlesyndication.com
petitlion18.fwh.is
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
ta.bigolive.tv
www.bigo.tv
www.google-analytics.com
www.google.fr
www.googletagmanager.com
ep2.adtrafficquality.google
livevideoshow
www.bigo.tv
142.250.185.162
142.250.185.66
142.250.186.163
142.250.186.66
164.90.105.112
169.136.136.106
185.27.134.144
2001:4860:4802:32::36
216.239.34.36
2606:4700:10::6816:cc
2606:4700:10::ac43:b9b
2606:4700:3030::6815:56e9
2a00:1450:4001:80b::200e
2a00:1450:4001:81d::2008
2a00:1450:400c:c0c::9a
2a02:6b8::1:119
34c81a337837de6b4045411ecbe8f9f9763e3359f02d254e749de4de98f37304
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
7c3094596e54b1fc061a15eea50be0ece483c199e5c7728ba24d534dcdf93a4a
7ccd0bc23f4ec9cc41e090f66480185faeb808fd14953a88a3c9f138f574f86e
95c84b4b5230f8cfb1f953e36e8914f462925743c10feaf6f87a889b8140fa87
a076f88adc8b4756db770c0ee262c9f2dbc53527a1ee03c959645bb97212a921
ad5dd4ee4e66c1558a0bd43c0ba14d8a6a9867aa211afb2797ac0d379fd58b96
ba8ffe935c13e3992d9f625fa17e40e257aad808a23e14933aa49d446acdbe6e
bfa39132251d437baddd6f0612072a0f39eecfc4e99150b61239a14167fa9f11
cd6e11b3d56d74de6bc82a2f359e411ee51e5deb5c50e2dbd7b8813532bd67eb
d29de1609682964244bc8dc4064ca380ee33d2a5854f06cf4bc64763c2778c8f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebf2cf50d5a0ccea5c50b9b5746625c439dd6b5de4fd1e08140675ff053afd8f
ee2f91e85185c10fb4e2511b377b30b0df780f841cfc89c132d1f1b16c158437
ee3d29efafa268c317b8c99bf30be25f8db21a80ccc0f161a5ae26869b98ea6e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

ta.bigolive.tv Open in urlscan Pro 169.136.136.106 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

35 Requests

71 %HTTPS

50 %IPv6

16 Domains

21 Subdomains

17 IPs

6 Countries

1184 kBTransfer

2765 kBSize

32 Cookies

0 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ta.bigolive.tv Open in urlscan Pro
169.136.136.106 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

71 %
HTTPS

50 %
IPv6

16
Domains

21
Subdomains

17
IPs

6
Countries

1184 kB
Transfer

2765 kB
Size

32
Cookies

35 HTTP transactions
0 data transactions